Cybersecurity researchers revealed a series of BIOSConnect and HTTPS Boot Vulnerabilities on 129 different models of Dell laptops, tablets, and desktops. Estimates at least 30 million individual devices. Doesn’t this data show how big the problem is? Before hackers use this opportunity to turn this into a gold mine. We recommend our readers fix the BIOSConnect and HTTPS Boot Vulnerabilities on their affected modules. We have shown a complete process on how to fix the BIOSConnect and HTTPS Boot Vulnerabilities in the post. Please go through each step to fix them up.
Note: We request to read the post: ‘How Attackers Abuse the Dell BIOSConnect and HTTPS Boot Vulnerabilities to Compromise the Dell Computers?‘ to know more about BIOSConnect and HTTPS Boot Vulnerabilities.
Table of Contents
Prerequisites To Exploit The BIOSConnect And HTTPS Boot Vulnerabilities:
Attackers can’t easily launch the attack and compromise the machine. There are few prerequisites for an attacker for a successful attack.
BIOSConnect vulnerability exploits prerequisites:
- Access to the user’s network.
- A certificate, trusted by one of the Dell UEFI BIOS built-in Certificate Authorities.
- A request from BIOSConnect to the Dell server.
HTTPS Boot vulnerability exploits prerequisites:
- Access to the user’s network.
- A certificate, trusted by one of the Dell UEFI BIOS built-in Certificate Authorities.
- A vulnerable machine on which boot order is set to HTTPS boot.
How To Fix The BIOSConnect And HTTPS Boot Vulnerabilities:
Dell has released a few remediations and mitigations for users. Users can further protect themselves by following these recommendations.
- Users have been asked to use secured networks and prevent unauthorized local and physical access to devices.
- Dell has asked the users to enable platform security features such as Secure Boot and BIOS Admin Password for additional protection.
- No action required on CVE-2021-21573 and CVE-2021-21574 as these two vulnerabilities were remediated on 28th May, 2021.
- The other two CVE-2021-21571 and CVE-2021-21572 vulnerabilities would require system BIOS updates to address the vulnerabilities. Please check out the affected device table from the post to find out the required BIOS version.
- Users can’t go with BIOS updates immediately. They can disable the BIOSConnect and HTTPS Boot feature on the system BIOS.
How To Update The Dell System BIOS?
There are multiple ways to update BIOS. However, Dell recommends three ways to update system BIOS.
#1. Dell Notification Solutions:
Use any of the tools to be notified and download BIOS updates automatically once available.
- Dell SupportAssist
- Dell Update
- Dell Command Update
- Dell Notifications
Dell SupportAssist | Dell Update | Dell Command Update | Dell Notifications | |
Platforms supported | Inspiron, XPS, Latitude, Vostro, Venue, Alienware | Inspiron, Vostro, XPS, Alienware | Latitude, OptiPlex,Precision, Venue ProTablets, XPS Notebooks | All systems |
Compatible Operating systems | Windows 7, Windows 8.1,Windows 10 | Windows7, Windows 8.1, Windows 10 | Windows 7,Windows 8.1,Windows 10 | All supported |
Notification Level | All updates | All updates | All updates | All updates |
Notification Methodology | Notifications pushed through SupportAssist | Windows event notifications | Windows event notifications pulled on command or scheduled for automatic check/updates on a continuous basis | Email or SMS |
Administrator rights required to run | Yes | No | Yes (2.4) No (3.0) | No |
Reinstallation link | Dell SupportAssist | Dell Update(Windows 7 and 8.1) Dell Update(Windows 10 32 & 64 bit) | Dell Command | Update (CLI) (Windows 7, Windows 8.1, Windows 10)Dell Command | Update (Windows 10 RedStone 1 and later) |
#2. Download Drivers And Update BIOS:
- Browse to the Dell Drivers & downloads page.
- Let it identify your Dell product.
- Click on ‘Download & Install SupportAssist’. Follow the instructions to install Dell SupportAssist. For more information, visit the Dell knowledge base article Dell SupportAssist (formerly Dell System Detect): Overview and Common Questions.
- If your prodect doesn’t get detected, enter the Service Tag, Express Service Code, or the Serial number of the Dell product and click Search.
- Or else, manually select your Dell product from the catalog by clicking on Browse all products.
- Select the Operating System.
- Under Category, select BIOS.
- Locate the latest System BIOS, Download and save the file.
- Browse to the location where the downloaded file was saved. Double-click the downloaded BIOS setup file and follow the instructions to complete the installation process.
#3. Flashing The BIOS From The F12 One-Time Boot Menu:
Users can install BIOS update from Windows. If the computer fails to boot Windows, users can install the update using the F12 One Time Boot menu. Most of the Dell devices released after 2012 will be shipped with this feature. You can confirm the feature in the system BIOS. Hit the F12 key during the boot process and enter it into the BIOS. If you see the BIOS FLASH UPDATE option under the boot option, then your system supports this method. Click here to see more details.
How To Disable The BIOSConnect And HTTPS Boot?
Dell recommends installing the BIOS updates immediately; however, users who can’t update the BIOS anytime soon disable the BIOSConnect and HTTPS Boot.
Disable BIOSConnect:
There are two options available to disable the BIOSConnect.
Option 1: Disable BIOSConnect from the BIOS setup page.
Users may need to locate the BIOSConnect option on the BIOS setup page. Users can find it in two different places depending on the type of BIOS setup menu.
BIOS Setup Menu Type A: F2 > Update, Recovery > BIOSConnect > Switch to Off.
BIOS Setup Menu Type B: F2 > Settings > SupportAssist System Resolution > BIOSConnect > Uncheck BIOSConnect option.
Option 2: Users can use Dell Command | Configure (DCC) tool to disable the BIOSConnect.
Disable HTTPS Boot:
There are two options available to disable the HTTPS Boot.
Option 1:
BIOS Setup Menu Type A: F2 > Connection > HTTP(s) Boot > Switch to Off.
BIOS Setup Menu Type B: F2 > Settings > SupportAssist System Resolution > BIOSConnect > Uncheck BIOSConnect option.
Option 2: Users can use Dell Command | Configure (DCC) tool to disable the HTTPS Boot.
Thanks for reading this post. Please share this information with one who owns the Dell computer and make them aware about the vulnerabilities.
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/269993.html