Surely the big brands can be trusted with their components and software? With buyers having a good idea of what to expect, most people don’t know that the pre-installed software on a computer is often not developed by the device makers themselves. While the software goes through several checks before being installed, there is always the possibility that something will slip through the cracks. And that is exactly what has happened recently with one of the biggest laptop makers in the U.S.
Here’s the backstory
Cybersecurity company Eclypsium researched pre-installed software that’s shipped with new laptops. What the company found was that numerous security flaws were present in one vendor’s update tools. The flaws are in the BIOSConnect and Dell’s HTTPS Boot feature in the client BIOS. When used as an exploit, the flaws impersonate Dell.com and install malicious code on the computer. “Such an attack would enable adversaries to control the device’s boot process and subvert the operating system and higher-layer security controls,” Eclypsium explained in a blog post.
Affected models
The flaw impacts around 30 million devices, which spans 129 Dell models, including laptops, tablets and desktops. The affected models include:
Alienware m15 R6InspironOptiPlexLatitudeVostro XPS
The biggest concern for consumers should be the three flaws identified in the Dell BIOSConnect feature. “An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions,” Dell explained in a security post.
What you can do about it the flaws
If you have one of the affected models, there isn’t a software update available right now to fix the issue. There are, however, two solutions that you can implement to minimize the impact of the vulnerabilities. Dell explained that users can disable the BIOSConnect feature:
During the device’s startup, press F2 to go into the BIOS setup.Navigate to Update, Recovery and then to BIOSConnect.Select the Switch Off option.
Depending on your motherboard, the option might be in a different menu. If that’s the case:
Go to Settings, SupportAssist System Resolution, and then BIOSConnectUncheck the BIOSConnect option.
To disable the HTTPS Boot feature:
During the device’s startup, press F2 to go into the BIOS setup.Navigate to Connection, and then HTTP(s) Boot.Switch it to Off.
Keep reading
Dell’s new monitors prove working from home is here to stay Free programs to keep your computer software up to date