Dell has released a security update that addresses five critical vulnerabilities found in the BIOS update utility for PCs such as Windows desktops, laptops and tablets.
The vulnerability was discovered and reported by SentilenOne, a research division at SentinelLabs, a security company. According to reports, since 2009, most of the Dell Windows 380 models are vulnerable and can be exploited to elevate the privilege of an intruder. Fortunately, however, there is no evidence that the vulnerability was exploited at the time of reporting.
Dell has released a patch for the vulnerability. This patch fixes five fixes, four of which are used to elevate an attacker’s privileges, and one that addresses a denial of service vulnerability. According to the FAQ released by Dell, the attacker exploits the vulnerability, which would require direct access to the PC by using some hack or phishing method to trick the user. Also, since the firmware containing the vulnerability is not installed on the PC, it only affects the PC when the firmware is updated.
However, if an attacker brings in the problem BIOS update and accesses the PC, there is a possibility to allow hacking using it. Therefore, Dell PC users or corporate organizations affected by the problem may need to quickly identify and patch the location of the vulnerability. Sentinel Labs is about to announce vulnerability information so that user patches can be applied. Related information can be found here.