Dell firmware vulnerabilities affect as many as 30 million users

Toggle sidebar Toggle sidebar
DAPUNISHER

DAPUNISHER

Super Moderator CPU Forum Mod and Elite Member
Super Moderator
Aug 22, 2001
31,680
31,538
146
Article on Wired - https://www.wired.com/story/dell-firmware-vulnerabilities/

An excerpt from the article -
“This is an attack that lets an attacker go directly to the BIOS,” the fundamental firmware used in the boot process, says Eclypsium researcher Scott Scheferman. “Before the operating system even boots and is aware of what’s going on, the attack has already happened. It’s an evasive, powerful, and desirable set of vulnerabilities for an attacker that wants persistence.”
Click to expand...

Dell is releasing patches, but if the user turned off auto update, they have to be aware of this, and manually update. Which the expert advised anyways, since BIOSConnect is a vulnerable mechanism.
 
Chiefcrowe

Chiefcrowe

Diamond Member
Sep 15, 2008
5,055
198
116
oh damn! Thanks for posting this. ugh, more time to spend updating manually a bunch of BIOS updates I guess.....
 
  • Like
Reactions: DAPUNISHER
Steltek

Steltek

Diamond Member
Mar 29, 2001
3,309
1,046
136
This even affects my old Latitude E4310 (which is over 11 years old), so there have to be literally millions of affected systems still out there...
 
Chiefcrowe

Chiefcrowe

Diamond Member
Sep 15, 2008
5,055
198
116
How could you tell? I checked a newer laptop and there were no updates available for it....yet

Steltek said:
This even affects my old Latitude E4310 (which is over 11 years old), so there have to be literally millions of affected systems still out there...
Click to expand...
 
Steltek

Steltek

Diamond Member
Mar 29, 2001
3,309
1,046
136
Chiefcrowe said:
How could you tell? I checked a newer laptop and there were no updates available for it....yet
Click to expand...

Actually, I was wrong about it affecting my laptop - I read a date incorrectly.

However, to tell what models have been remediated so far, look at the Dell Security Advisory knowledge base article on the issue here. It was most recently revised 06/24/2021.

The models that are affected and that have BIOS updates available to fix the issue are listed at the bottom of the article. If yours is one of those, you should be able to get the BIOS update from the Dell Drivers and Software support site for your machine (the BIOS updates for this issue will be dated in 06/2021 or later). Since the article has two prior revisions, I suspect that Dell may be updating that article as other affected model BIOS updates become available.

Knowing Dell, though, it is also equally possible that Dell won't bother to fix some (maybe a lot) of those 128 affected models as many are probably older machines outside what Dell would deem to be a "reasonable" support period. Dell weaseling is a thing on stuff like that....

I guess we'll see.
 
fralexandr

fralexandr

Platinum Member
Apr 26, 2007
2,281
222
106
www.flickr.com
Hmm, of the models I checked, I didn't see any of Dell's AMD models listed? Just wondering if my G5 SE 5505 is included... Is it limited to the devices listed? Hmm looks like the list includes 129 models now?
 
Last edited:
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom