Dell, Microsoft Windows, Windows, Microsoft, Sentinellabs, Cybersecurity, Security, Bios, Pcs

Dell, Microsoft Windows

Warning: ‘Hundreds Of Millions At Risk’ From 12-Year-Old Vulnerabilities Lying Deep In Dell PCs

Users of Dell’s Windows PCs urged to update as soon as possible, as existing flaws allow deep access to its computers.

5/5/2021 4:42:00 AM

For 12 years, some “high severity” weaknesses have been resident in a component that’s run on Dell PCs running Microsoft Windows

Users of Dell ’s Windows PCs urged to update as soon as possible, as existing flaws allow deep access to its computers.

... [+]giant's devices.Neilson Barnard/WireImageFor 12 years, some “high severity” weaknesses have been resident in a component that’s run on Dell PCs running Microsoft Windows, a cybersecurity company has warned. The vulnerabilities require that a hacker already have some level of access to an affected computer, but allow them to gain almost total control of the PC. Hundreds of millions of devices are at risk and should patch on Tuesday, as Dell has released an update for its customers.

Texas Students to Hear from Astronauts on Space Station First Look at Sebastian Stan as Tommy Lee, Lily James as Pamela Anderson For Hulu Series ‘Pam and Tommy’ Utah Supreme Court upholds rights of trans persons to change name and sex on state records

The weaknesses lay in the BIOS, the code responsible for launching the PC and its operating system. If a hacker can gain control over that section of a computer, in what’s also referred to as gaining kernel-level privileges, they can do almost anything they want to the PC, whether that’s locking up all the files within, destroying them or installing code that spies on all user activity.

Five vulnerabilities were discovered by researchers from cybersecurity firm SentinelOne in a driver for Dell PCs’ BIOS, in particular the DBUtil driver. It normally installs and runs during a BIOS update to allow the code to communicate with the hardware. headtopics.com

Though SentinelOne isn’t providing full details of its findings to allow Dell and its users time to update, in a research report handed toForbesahead of publication, one of the most obvious issues with the driver is that it allows any process to communicate with it, which “is often a bad practice since drivers operate with the highest of privileges.”

The weaknesses were first reported to Dell in December 2020. The researcher who discovered the issues, Kasif Dekel, said that one of the most obvious abuses of such vulnerabilities would be to “bypass security products.” “The impact this could have on users and enterprises that fail to patch is far-reaching and significant,” he wrote in his research report.

Read more: Forbes »

Billions of cicadas are about to emerge. Here's what to expect - CNN Video

Billions of cicadas will soon appear in the eastern US, the biggest emergence event since 2004. CNN's Tom Foreman reports.