A set of vulnerabilities newly discovered by security researchers has reportedly put over 30 million Dell PC users at risk. It is a chain of 4 bugs that has been assigned a cumulative CVSS score of 8.4, which rates as high severity.
Eclypsium, a cybersecurity vendor, was the first to discover these vulnerabilities, which affect over 129 Dell models and allow cybercriminals to execute arbitrary code inside the machine's BIOS.
In technical terms, the vulnerabilities affect a feature called BIOS Connect, which lets users perform system recovery and update firmware by connecting the device's BIOS setup to Dell's remote backend servers.
Researchers at the Oregon-based enterprise device security company say that the 4 discovered bugs could lead to web traffic redirection, machine-in-the-middle attacks, and DNS cache poisoning, allowing exploitation of virtual private networks in corporate networks.
Therefore, with the discovery of the latest BIOS vulnerability in Dell PCs, it is evident that hackers have shifted their focus to vendor supply chains and system firmware, which could lead to a disaster similar to the WannaCry ransomware attack that infected over 250,000 Windows PCs worldwide in 2017.
Note 1- To mitigate cyber risks, Dell is asking its users to update to the latest Dell Client BIOS version ASAP.
Note 2- Dell is the first company in the IT industry to follow green initiatives through PC recycling goals, and so was awarded the National Recycling Coalition Award for becoming the first PC producer to take up recycling work.