Free Republic

Vulnerabilities found in Dell BIOSConnect features within Dell SupportAssist
https://techxplore.com ^ | June 28, 2021 | by Bob Yirka

Posted on 06/28/2021 11:47:59 AM PDT by Red Badger

A team of engineers at computer security company Eclypsium, Inc. has found four vulnerabilities in Dell BIOSConnect features within Dell SupportAssist. They have reported what they found on their website where they have rated the vulnerability as High.

Dell Computer Technology Company is one of the largest makers of personal computers in the world. As part of their efforts to support their customers the company began installing a BIOS-based application called SupportAssist, which, as its name suggests, is meant to allow Dell technicians to assist users remotely. Dell also preinstalls another BIOS app called BIOS Connect on the computers it sells, which allows the company to update the BIOS of the computers it sells. In this new effort, the team at Eclypsium found a security chain vulnerability that could allow what they describe as 'adversaries' to gain access to the boot process of user computers, which could be used to load adversarial software.

Eclypsium reported the problems it found to Dell this past March, and Dell promptly issued a security advisory to its customers and set about working up a fix. Two of the fixes were completed and updated on server-side machines—the other two, once completed, were sent to Dell's cloud site. Those fixes are now available for those customers who have been impacted; those who have Dell auto-updates turned on need not worry as the updates for them have likely taken place already.

The vulnerability involved 129 different Dell devices, from laptops, to desktops and tablet devices and likely impacted approximately 30 million computers around the world. One of the vulnerabilities involved connections between BIOS updates and Dell servers that could allow an adversary to redirect a computer being updated to an adversarial machine. The other three vulnerabilities were listed as overflow vulnerabilities.

Eclypsium's engineers noted on their website that any attack meant to take advantage of the vulnerability would have had to involve redirecting user computers, which made the likelihood of an attack on individual users very remote. Any such attacks would have been far more likely to take aim at large enterprises with a lot of payoff for adversaries.

More information: Dell: www.dell.com/support/kbdoc/nl- … d-https-boot-feature


TOPICS: Business/Economy; Computers/Internet; History; Society
To: SkyDancer

Any 5ish year old laptop will work perfectly for just that. If your current one is doing well, keep it. Faster CPU, GPU, drives or more memory will not give you but a marginal improvement. The only thing you would need to care about is the size, screen, battery life and keyboard comfort. When you are ready to get a new one don’t buy the leading edge (bleeding edge) stuff. Too much $ for the incremental better-ness. Look for last year’s model on closeout.

As for brands, I avoid Dell, and HP. Personally I go with Clevo or MSI most of the time, but their laptops are high end commodity laptops for gamers, developers and engineers. No benefit for what you are doing with yours.

Forget Apple since they mark their stuff up way beyond what the performance diff is. Their premium is for the training wheels you get on their stuff and the snooty attitude you can have saying “I can afford this fisher price computer because I am too dumb to make decisions myself. Now make me a soy grande macchiato with matcha tea sprinkled on the whipped vegan pseudo cream on top.”


21 posted on 06/28/2021 12:57:48 PM PDT by LesbianThespianGymnasticMidget
[ Post Reply | Private Reply | To 18 | View Replies]

To: LesbianThespianGymnasticMidget

I’m wondering if I should wait until this W11 is out; wouldn’t the stores have older outdated laptops?


22 posted on 06/28/2021 1:04:23 PM PDT by SkyDancer (I Identify As Vaccinated)
[ Post Reply | Private Reply | To 21 | View Replies]

To: LegendHasIt
LegendHasIt :" Dell’s suck anyway. They are designed to fail, designed to be irreparable. At least their laptops. "

As I understand it, all their hardware and software are proprietary owned by Dell.
You don't own it... you just think that you do!
This BIOS software issue is just an example...

23 posted on 06/28/2021 1:15:00 PM PDT by Tilted Irish Kilt
[ Post Reply | Private Reply | To 6 | View Replies]

To: SkyDancer

More than likely yes. New OS release is a good time for laptop shopping. Anything new with 10 will be able to upgrade, but who wants to buy an outdated laptop? (Except $ smart people)

You might be able to pick up a bargain. Places like Office Depot or Staples will very likely clearance out the older models when the new shiny 11’s come out.

For you I think touching and feeling the laptop is important.

I never asked... what do you have now?


24 posted on 06/28/2021 1:29:51 PM PDT by LesbianThespianGymnasticMidget
[ Post Reply | Private Reply | To 22 | View Replies]

To: LesbianThespianGymnasticMidget

An old Toshiba Satellite.


25 posted on 06/28/2021 1:47:10 PM PDT by SkyDancer (I Identify As Vaccinated)
[ Post Reply | Private Reply | To 24 | View Replies]

To: SkyDancer

LOL... you could do with an update. Keep an eye out starting now. No one will want to be stuck with “old stock” and expect 11 on or around Oct. 20

Install Linux Mint on the old satellite to breathe lots of new life into it when you have upgraded. Be careful though. Once you have seen just how well Mint runs and how easy the transition is for a windows user, you might just upgrade your new Laptop to it as well.

Antivirus... Linux dont need no steenking antivirus.

https://www.youtube.com/watch?v=e1lyNt5km8U

(Linux doesn’t phone home to the MS mothership either)


26 posted on 06/28/2021 2:26:39 PM PDT by LesbianThespianGymnasticMidget
[ Post Reply | Private Reply | To 25 | View Replies]

To: Red Badger
Dell SupportAssist kept trying to run, so I disabled it in the Services Admin Tool.

I also disabled the Hardware Support.

27 posted on 06/28/2021 2:45:39 PM PDT by Ol' Dan Tucker (For 'tis the sport to have the engineer hoist with his own petard., -- Hamlet, Act 3, Scene 4)
[ Post Reply | Private Reply | To 1 | View Replies]

