Robert's Computer Service LLC Logo
CALL US
864-494-6089
FOLLOW US
  • Home
  • Services
    • Services
    • Service Area
  • Testimonials
    • Testimonials
    • Enter your Testimonial
  • About The Technicians
  • Blog
  • FAQ
  • Contact
  • Remote Support

Dell have discovered some vulnerabilities that are affecting some computers.

July 7, 2021 by Robert Eyler

There are 129 dell computers that has a vulnerability with the BIOS (Basic Input Output System).

The quick summary: Need to update your Dell BIOS manually. If you do not feel or do not want to do it you can give me a text or call me at (864)494-6089 or email me robert@roberts-computer.com

BIOS is essentially embedded software on the system and the first things that runs on the computer after power on and it is behind the computer logo.

What the problem is that it’s still just software. Dell has this product called BIOSConnect that allows a computer in BIOS to call – phone home to Dell for support purposes. So, it can update the firmware on the system. if you’ve lost your operating system and you can’t get it to boot or something’s missing, you can actually still get this thing to connect to the Dell servers in BIOS because that’s always going to be there.

But what’s happened here is the first vulnerability that they found, that Elysium found, is a problem with TLS certificates. And TLS is Transport Layer Security. It’s how the internet works. But this software is written in C code. Which at a very low level, so getting that TLS handshake correct is important, and Dell didn’t do that here. In fact, this system – if you have a privileged network attacker on the network, and they can intercept, like, a DNS call out to the Google DNS server of 8-8-8-8.

They can intercept the communication. Then impersonate Dell and hand back any readily available, freely available TLS certificate, and the software in the BIOS will accept that and say, OK, you’re Dell, right? and any certificate at all, this software says, we’re good here. Just about, as long as it’s not self-signed. It has to be from a certificate authority that’s in the – but those are not easy – not hard to come by. So, if you’re on the network, if the malicious actor is on the network, they can intercept the traffic, they can feedback the – some bogus certificate, and the service will then – the service on that computer will then trust the attacker, and then the attacker can exploit one of three buffer overflow vulnerabilities that were also found in the software. And that allows arbitrary code execution. There’s even one that allows arbitrary code execution in BIOS, so they could completely replace the BIOS of your machine

The end result could be replacing the mother board.

Dell dose have a fix to this problem. However, you should be this done ASPS by August when all of the details will be out in the wild. DO NOT DO IT VIA THE UPDATE TOOL due to you can not trust the tool. When you or someone dose the update. Do it manually.

You can go to dell.com then download the patches.

If you like you can give me a text or call me at (864)494-6089 or email me robert@roberts-computer.com

 

Filed Under: IT News

Share:

Proud member of

Proud Member of the IT Business Owners Group

Robert's Computer Service LLC

864-494-6089

Spartanburg, SC 29301

What are you looking for?

Testimonials

  • Really great. Robert returned my call quickly. Picked up my computer the same day. Diagnosed it. Ordered and installed new drive. Brought it back on a Sunday. I restored my system from a backup and was up and going again in 3 days after it failed. Never had to leave the house. Read More
    John – Inman, SC
  • We met with Robert and discussed our computer needs. He repaired 1 computer and set up another computer for me. He is very personable, polite and knowledgeable about his job. He followed up with me and worked remotely with me to make adjustments also. His turn around is very quick and I would recommend him... Read More
    Sharon
  • I've been very pleased with their service. They were very knowledgeable and they worked very well in every problem of my system. Read More
    Hugh
  • He is very good and knowledgeable. I would recommend him and I would hire him again. Read More
    Pat
  • I've known Robert since 2005 and I'll say he's one of the most genuine and ethical to work with. We've established a good friendship because of it. Keep up the good work Robert. Read More
    Alan
    Spartanburg, SC
  • Robert is honest and trustworthy. Always polite and goes the extra mile. He has taken care of my computers for years. Read More
    Lynne
  • Robert is an excellent tech and very personable. He has been extremely helpful any time I have a question. Thank you Robert ! Read More
    Lori Tisinai
  • Robert has been life-saver for our company, which has become very dependent on our computers, and has helped with printing solutions as well. If we have an issue, he is our very first call. Read More
    Scott
    Spartanburg ,SC
  • Robert has been working on my machines for several years. He does an outstanding job with keeping our equipment updated. He is very responsive when we need assistance by his Remote Access Support or by coming to our home when it is required. Robert is very professional. Read More
    Hugh
    Spartanburg SC
  • Thanks Robert for all of the years of service you have given me. You have always gone above and beyond my expectation and do it with a kindness that rare these days. Read More
    Lydia
    Mauldin SC

Copyright © 2023 · Robert's Computer Service LLC · Powered by Tech Site Builder