Dell Support Assist, 잠재적인 원격 BIOS 해킹에 3천만 대의 PC 노출, 지금 업데이트

newsroom 6/25 '21 posted 뉴스 IT

합계, 약 3 천만 Dell 시스템이 취약점에 민감하고 즉시 패치되어야한다고 추정됩니다. 다행히도 Dell은 영향을 받는 모든 모델에 대한 업데이트를 발행했습니다. 설정되지 않은 경우 공격자는 시스템에 물리적 액세스없이 악성 코드를 실행하고 사전 부트 환경에서 실행될 수 있습니다.

• 특히 문제는 Dell SupportAssist (대부분의 Windows 기반 Dell 컴퓨터에서 사전 설치된 기술 지원 솔루션) 내에서 BiosConnect 기능에 영향을 미칩니다.

• BiosConnect는 원격 OS 복구를 수행하거나 장치에서 펌웨어를 업데이트하는 데 사용됩니다.

• 모든 유형의 기술 공급 업체는 고객이 펌웨어를 최신 상태로 유지하고 시스템 실패로 복구 할 수 있도록 가능한 한 쉽게 수행 할 수 있도록 최대한 쉽게 업데이트 프로세스를 구현하고 있습니다. 연구자는 분석에서 언급했습니다.

• 보고서는 공격자가 호스트의 UEFI 펌웨어를 원격으로 활용하고 장치에서 가장 권한있는 코드를 제어 할 수 있도록 공격자가 원격으로 활용할 수 있음을 알 수 있습니다.

Preinstalled Firmware Updater Puts 128 Dell Models ... [www.darkreading.com]

30M Dell Devices at Risk for Remote BIOS Attacks, RCE [threatpost.com]

Dell SupportAssist Exposed 30 Million PCs To Potential Remote BIOS Hack, Update Now [hothardware.com]

Dell SupportAssist bugs put over 30 million PCs at risk [www.bleepingcomputer.com]

Dell's BIOS software open to remote exploit affecting 30 million laptops [mspoweruser.com]

Eclypsium Discovers Multiple Vulnerabilities in Dell BIOSConnect [eclypsium.com]

newest replies popular replies

Open Wiki - Feel free to edit it. -

6/25 '21 answered

30 Million devices. An RCE in a feature of their remote connect support capability for reflashing the operating system.https://t.co/92e20WSbT2
— Alyssa Miller ? Duchess of Hackington (@AlyssaM_InfoSec) June 24, 2021

Four separate security bugs would give attackers almost complete control and persistence over targeted devices, thanks to a faulty update mechanism.https://t.co/yh5g5qZ2Fn
— Peril Group (@PerilGroup) June 24, 2021

30M #Dell Devices at Risk for Remote BIOS Attacks RCE.
By @threatpost #VPN #DNS #HTTP #Cybersecurity #IoT #infosec #BIOSAttack
Cc: @DrJDrooghaag @Victoryabro @AshokNellikar @techpearce2 @fogle_shane @Shi4Tech @gvalan @archonsec @PVynckier @Corix_JC https://t.co/M9nOrOiZX1 pic.twitter.com/lMnEwVKXEG
— Fabrizio Bustamante (@Fabriziobustama) June 24, 2021

30M Dell devices at risk for Remote BIOS attacks, RCE ? https://t.co/Q3n1g2fsZR via @threatpost pic.twitter.com/myVIiyqLE0
— Eugene Kaspersky (@e_kaspersky) June 24, 2021

30M Dell Devices at Risk for Remote BIOS Attacks, RCE https://t.co/OV15vLMw03
— Nicolas Krassas (@Dinosn) June 24, 2021

Dell SupportAssist bugs put over 30 million PCs at risk https://t.co/ZyGjDQXKIJ
— The Cyber Security Hub™ (@TheCyberSecHub) June 24, 2021

https://t.co/81i4G5YnXx

thanks @mcbazza
— MrR3b00t | Defender of the cyber realm (@UK_Daniel_Card) June 24, 2021

Dell SupportAssistのBIOSConnect機能に4つの脆弱性。これによって、攻撃者は、BIOS経由で悪意のあるコードを実行できる。

Dell SupportAssist bugs put over 30 million PCs at risk https://t.co/Ig4SOfEC4e
— ぐーたっちまん o(`･ω･´)o (@dexderrewedd447) June 24, 2021

permanent link

Open Wiki - Feel free to edit it. -

6/25 '21 answered

Dell 컴퓨터에 선탑재된 SupportAssist. 그중 펌웨어 업데이트를 담당하는 BIOS Connect의 통신에 중간자 공격이 가능해 보안 부팅 등의 수단을 모두 우회하고 악성코드를 바이오스에 심어 부팅시킬 수 있습니다. 패치되기 전까지 BIOS Connect를 사용하지 마십시오.https://t.co/PvoKCYc8Yq
— ?라루얀 / 말썽쟁이 구운 경단? (@LaruYan) June 25, 2021

⁦@eclypsium⁩ #Security found 4 major security #vulnerabilities in #BIOSConnect feature of ⁦@Dell⁩ #DellSupportAssist, allowing #attackers to remotely execute code in #BIOS of impacted devices. #girlswhocode #100DaysOfCode ⁦@dynamicCISO⁩ https://t.co/68okCdRTDm
— Rahul Neel Mani (@rneelmani) June 25, 2021

Patch your Dell machines. ??impressive research by the folks at @eclypsium https://t.co/f4BlSuyY4Q
— Ryan Naraine (@ryanaraine) June 24, 2021

permanent link

Featured

Important Notice: Discontinuation of Our Wiki Service

Dear Valued Users,

We hope this message finds you well. We are writing to inform you of an important upcoming change to our services. After careful consideration and analysis, we have made the difficult decision to discontinue our wiki site, effective one month from 2024/04/30.

This was not an easy decision to make, as we understand the importance of the resources and community that have been built around our wiki. However, due to evolving market conditions and strategic realignments, we must redirect our resources and efforts towards other ventures that will allow us to serve you better in the future.

What This Means for You:

Access to Content: You will continue to have full access to all content on the wiki until the discontinuation date. We encourage you to save or migrate any content you wish to retain.
Final Date of Service: The wiki will become inaccessible starting 1st June 2024, after which all content will be permanently removed.

We are immensely grateful for the support and contributions of our user community throughout the years. The wiki is being retired, but our team will be back soon with new services and apps.

Thank you for being a part of our journey.

Warm regards,

editoy Inc.

Related

Featured