... [+]giant's devices.Neilson Barnard/WireImageFor 12 years, some “high severity” weaknesses have been resident in a component that’s run on Dell PCs running Microsoft Windows, a cybersecurity company has warned. The vulnerabilities require that a hacker already have some level of access to an affected computer, but allow them to gain almost total control of the PC. Hundreds of millions of devices are at risk and should patch on Tuesday, as Dell has released an update for its customers.
The weaknesses lay in the BIOS, the code responsible for launching the PC and its operating system. If a hacker can gain control over that section of a computer, in what’s also referred to as gaining kernel-level privileges, they can do almost anything they want to the PC, whether that’s locking up all the files within, destroying them or installing code that spies on all user activity.
Five vulnerabilities were discovered by researchers from cybersecurity firm SentinelOne in a driver for Dell PCs’ BIOS, in particular the DBUtil driver. It normally installs and runs during a BIOS update to allow the code to communicate with the hardware. headtopics.com
Though SentinelOne isn’t providing full details of its findings to allow Dell and its users time to update, in a research report handed toForbesahead of publication, one of the most obvious issues with the driver is that it allows any process to communicate with it, which “is often a bad practice since drivers operate with the highest of privileges.”
The weaknesses were first reported to Dell in December 2020. The researcher who discovered the issues, Kasif Dekel, said that one of the most obvious abuses of such vulnerabilities would be to “bypass security products.” “The impact this could have on users and enterprises that fail to patch is far-reaching and significant,” he wrote in his research report.Read more: Forbes »
Billions of cicadas are about to emerge. Here's what to expect - CNN Video
Billions of cicadas will soon appear in the eastern US, the biggest emergence event since 2004. CNN's Tom Foreman reports.