News

Microsoft and Eclypsium got into serious debate over Dell SupportAssist vulnerabilities

Debates about the recently disclosed vulnerabilities in Dell SupportAssist still continue, although the vulnerabilities have already been fixed, as the information security company Eclypsium sharply reacted to Microsoft’s notification about this issue.

These are four vulnerabilities in the Dell SupportAssist Remote Firmware Update utility that could allow arbitrary code to run on some PCs.

The security notice was released last week, and since March 2021 (well before the notice was released) Dell has been working with Eclypsium to fix the issues. All vulnerabilities have been patched since June 24, Dell said. The company also posted a workaround for those unable to immediately install BIOS updates by disabling HTTPS boot and BIOSConnect functionality.

According to Eclypsium, the problem is that attacks even work on PCs with a secure kernel and can affect user data.

According to Eclypsium, Microsoft denied it was possible to bypass the System Guard firmware protection with the published method.

The attack described in the published study bypasses the protection provided by Secure Boot. However, PCs with a secure kernel go even further and implement System Guard firmware protection, which helps protect critical assets from attacks that exploit vulnerabilities in the firmware to bypass features such as Secure Boot.

The secure kernel threat model assumes the presence of compromised firmware, as in the case presented here, and therefore the described attack will still be subject to security checks using the firmware protection functions in the secure kernel. Failure to validate System Guard will result in the system failing to pass attestation, and Zero Trust solutions such as Microsoft’s conditional access will block the device from accessing the secure cloud.

The documentation provided by the researchers does not demonstrate how the discovered vulnerabilities can be used to bypass System Guard.Microsoft said.

However, Eclypsium researchers who discovered the vulnerabilities disagree with Microsoft’s statement. According to Eclypsium specialist John Loucaides, the attack works on Dell PCs, including those with a secure core, and affects user data.

Microsoft’s response is just idle talk to divert attention from what we actually said.Lucaides said.

As the specialist explained, remote attestation for access to cloud resources is irrelevant and does not in any way prevent the exploitation of vulnerabilities in the UEFI firmware to execute arbitrary code in a pre-boot environment and then access user data.

Indeed, Microsoft seems to be buzzing around the issue, worrying more about the cloud.

The company did not comment on Lucaides’ statement in any way.

Let me remind you that we wrote that Cybersecurity experts discovered the second ever bootkit for UEFI.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove News-bpudepi.today pop-up ads (Virus Removal Guide)

News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove Doguhtam.xyz pop-up ads (Virus Removal Guide)

Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove News-xlixoti pop-up ads (Virus Removal Guide)

News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…

1 day ago

Remove Ducesousightion pop-up ads (Virus Removal Guide)

Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…

1 day ago

Remove News-xlabica.live pop-up ads (Virus Removal Guide)

News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…

1 day ago

Remove Mergechain.co.in pop-up ads (Virus Removal Guide)

Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…

1 day ago