Vulnerable to the BIOS function of 30 million Dell PCs.Recommended to update or disable functions -PC Watch

By : ilikephone / On : 10/07/2022

news

BIOSConnectの脆弱性

 Dell announced on April 24 (local time) that the company's BIOS update function "BIOSCONNECT" had two types of vulnerabilities and provided evasion and easing measures.

3,000万台のデル製PCのBIOS機能に脆弱性。更新または機能無効化を推奨 - PC Watch

 This vulnerability was discovered by Eclypsium, a security company.According to ECLYPSIUM, "BIOSCONNECT", which is installed on 129 models of DELL consumers/corporate PCs, has two types of vulnerabilities.It predicts that the affected devices will be at least 30 million units.

 BIOSCONNECT is a program that starts before the OS starts. It can access the Dell server via HTTP (S), update the BIOS, or recover the system.Specifically, it is a mechanism that downloads the cloud -based OS (SOS) image to the local RAM disk via HTTP (S) to perform the necessary operations.

BIOSConnectの概要

 One of the vulnerability is that when connecting to the backend HTTP server, it accepts any valid wildcard certificate from the Biosconnect and connects TLS.As a result, an unrecognized attacker uses a middle -aged attack to abuse this vulnerabilities, refusing services and falsification of payload.

 The other is a buffer overflow vulnerabilities, and authenticated administrators with local access rights to the system may abuse vulnerabilities to execute any code and avoid UEFI restrictions.It is said that there is.

 Dell can be alleviated by distributing a modified BIOS to a model with this vulnerability to solve the problem.I am.