New Dell BIOS Bugs Affect Millions of Computers

Dell is in good (or bad) company. Five new BIOS bugs could lead to code execution if exploited. Dell is now joining HP and others with major BIOS vulnerabilities.

The active exploitation of these bugs cannot be detected by the firmware integrity monitoring system according to security firm Binarly.

The bugs are rated 8.2 out of 10 on the security Richter scale.

Like other bugs in the InsydeH2O UEFI firmware, the flaws affect the system management module of the firmware. The good news is that it requires a local authenticated user to launch the attack.

Just to connect the dots, that means if any of your users falls for a phishing attack, it is game over.

The attack on the SMM code allows the hacker to operate at the highest level of privilege possible in the hardware.

Among the affected products are Alienware, Inspiron, Vostro and Edge Gateway 3000 series.

Dell says to update at the “earliest opportunity”.

Credit: The Hacker News

The bugs are almost six years old and they point out the challenges of securing the supply chain.

Dell and HP are only two vendors that have gotten into trouble. There are probably a lot of smaller vendors that are trying to hide under rocks right now.

Credit: Security Week