Technical Support: 412-349-6678 | Incident Response

Dell BIOS Bomb, Available Upgrades & New Vulnerabilities

Recent patches and defining vulnerabilities

Manufacturers always strive to put their best foot forward, and typically pride themselves on making a better product.

But even with the best of intentions, sometimes new updates simply don’t work as planned. With new features sometimes come new security problems, new headaches, or the need for costly new hardware. 

Such is the case with recent releases of Dell SupportAssist, Western Digital’s My Book NAS, and Microsoft’s new Windows Operating system.

Bringing with them new flaws and vulnerabilities, these are just a few of the latest issues you should know about.

Dell BIOS Bomb: Updates and Vulnerabilities

Recently, it was revealed that more than 30 million Dell devices remain vulnerable to remote code execution, thanks to a bug in Dell’s SupportAssist.

Dell’s SupportAssist software typically comes preinstalled on Windows computers with a BIOSConnect feature. The feature is intended to provide firmware updates and recovery options for the operating system.

Unfortunately, update requests can be intercepted on 129 Dell models of desktops, laptops, and tablets, Once the updates are intercepted, they can be used to hijack control of the device’s boot process.

In order to resolve the issue, Dell released BIOS/UEFI updates on their website, which should be used instead of the BIOSConnect feature.

Be aware that this is a rather unusual type of update, outside of the typical process.

As a result, IT managers need to verify if this upgrade is covered under their service contracts. If systems can’t be immediately upgraded, Dell recommends disabling BIOS Connect from the BIOS setup page or via Dell’s remote system management tools.

Active Directory
Four Quick, Easy Tips to Boost Your Active Directory - Click image to read more.

My Book NAS Mystery Deletion

In a recent and rude surprise, many owners of the Western Digital (WD) My Book network accessible storage (NAS) devices suddenly discovered that their devices had been factory reset and all of their files deleted.

Even though some users were able to recover files using the PhotoRec recovery tool, many others were completely out of luck.

The cause of this issue is undetermined, but WD recommends that users disconnect the NAS devices from the internet. These devices have not had any upgrades since 2015, but remote code execution vulnerabilities have since been reported in them.

Even though it’s too late to prevent deletion on our existing WD devices, the event still serves as a reminder.

Make sure all important data is properly backed up, and pay attention to network devices that no longer receive proper upgrades.

Older devices such as the My Book should be budgeted for replacement as soon as possible.

Headaches Created by the Recent Windows 11 Upgrade

This year’s upcoming holiday release of Windows 11 hints of future upgrade requirements that organizations need to include in their budgets. For example, the next Windows release requires the Trusted Platform Module (TPM) to secure the local hardware.

Although more recent motherboards have TPM built in, it may need to be enabled. If TPM isn’t built in, it might need to be purchased for around $25. While not a huge expense, keep in mind you also need to account for IT’s time to work on the BIOS for our devices.

Older machines without TPM won’t be able to run Windows 11. To account for this, Microsoft is also releasing a new upgrade for Windows 10 around the same time, to avoid the need for immediate replacement. However, there’s no way of knowing how long that will last.

IT managers can download and run the PT Health Check app to check which devices will meet the minimum requirements to run Windows 11.

In the meantime, you’ll want to start making a list of obsolete devices on your networks, and budgeting for their replacement over the next few years.

Outsourcing to the Rescue

In IT, it always seems like problems arrive at the worst possible time. Usually, teams are already swamped with work when headaches strike. 

Unfortunately, you don’t usually have the luxury of putting off fixes, since those often lead to attacks – even more time consuming and costly. Luckily, there’s no reason your business and team need to stress over tackling solutions alone.

Does your team need short term help to locate and fix vulnerable Dell computers? Or would you rather outsource regular upgrades to have the time to work on emergencies? No matter what situation your business is in, outsourcing is a great way to free up time and get results.

Ideal Integrations can help relieve the burden with a variety of options. Call us at 412-349-6680 or fill out the form below and we’ll be happy to discuss what works best for your team.

Need a Managed IT Solution For Your Organization? Contact Us!

  • This field is for validation purposes and should be left unchanged.