Microsoft and Eclypsium got into serious debate over Dell SupportAssist vulnerabilities

Debates about the recently disclosed vulnerabilities in Dell SupportAssist still continue, although the vulnerabilities have already been fixed, as the information security company Eclypsium sharply reacted to Microsoft’s notification about this issue.

The security notice was released last week, and since March 2021 (well before the notice was released) Dell has been working with Eclypsium to fix the issues. All vulnerabilities have been patched since June 24, Dell said. The company also posted a workaround for those unable to immediately install BIOS updates by disabling HTTPS boot and BIOSConnect functionality.

According to Eclypsium, the problem is that attacks even work on PCs with a secure kernel and can affect user data.

According to Eclypsium, Microsoft denied it was possible to bypass the System Guard firmware protection with the published method.

However, Eclypsium researchers who discovered the vulnerabilities disagree with Microsoft’s statement. According to Eclypsium specialist John Loucaides, the attack works on Dell PCs, including those with a secure core, and affects user data.

As the specialist explained, remote attestation for access to cloud resources is irrelevant and does not in any way prevent the exploitation of vulnerabilities in the UEFI firmware to execute arbitrary code in a pre-boot environment and then access user data.

Indeed, Microsoft seems to be buzzing around the issue, worrying more about the cloud.

The company did not comment on Lucaides’ statement in any way.

Let me remind you that we wrote that Cybersecurity experts discovered the second ever bootkit for UEFI.