Hundreds of millions of Dell computers have been exposed to security holes for more than 10 years without anyone knowing

Tram Ho

The Dell line of dekstop, laptop and tablet made after 2009 is at risk of being exploited and granting administrator access to the system. Accordingly, hundreds of millions of Dell computers could be attacked if hackers exploit this vulnerability.

Hàng trăm triệu máy tính Dell dính lỗ hổng bảo mật từ hơn 10 năm nay mà không ai biết - Ảnh 1.

The cause is indicated by five security flaws in the system drive found on most Dell computers manufactured after 2009. The vulnerability group CVE 2021-21551 can be used to crash the system. system, stealing information and even altering privileges to take complete control of the computer. The vulnerability can be exploited as soon as the user logs in to the machine or when opening applications.

Kasif Dekel, senior security researcher at SentinelOne warns: “While we have not seen any signs of these vulnerabilities being exploited massively, with hundreds of millions of businesses and users. There is a high risk that attackers will find vulnerabilities soon if we do not act accordingly. “

Bugs can be found on Dell’s firmware and driver update page and it is worth mentioning that this vulnerability is very easy to exploit. In essence, the Dell driver accepts commands from any user or program on the machine without performing security checks or access control to determine the privileges of the person issuing the command.

Hàng trăm triệu máy tính Dell dính lỗ hổng bảo mật từ hơn 10 năm nay mà không ai biết - Ảnh 2.

System-specific commands are the IOCTL command that instructs the driver to move memory content from one location to another, thereby allowing an attacker to read and write arbitrary RAM. When reaching this step, almost the operating system on the victim’s computer has been controlled by the bad guy and can be installed with rootkit tools for the bad guys to control and attack the computer remotely without being detected.

Dell PC drivers also read and write I / O ports. In total, there are two memory errors, two input validation errors and one logic error. Some of them are relatively easy to exploit, although others are more difficult to exploit.

After bug hunters reported to Dell about these bugs in December 2020, Dell released a patched driver update and question-and-answer (FAQ) set for this topic. The patch is expected to be released from May 10.

Refer to Softpedia

Share the news now

Source : Genk