If you own a Dell computer, you should update the BIOS for security reasons. Attackers can exploit vulnerabilities in the BIOS of various Dell PCs and, in the worst case, execute malicious code. Security updates are available for download. Dell has not yet said whether attacks have already taken place. Nevertheless, owners of affected models should install the security patches as soon as possible.
The most dangerous vulnerability (CVE-2023-28073, rated "high") is in the BIOS of the Latitude 5530 and Precision 3570 models. Due to errors in authentication, local attackers who have already been authenticated can gain higher user rights. From such a position, attackers can often completely compromise systems. Dell claims to have fixed the bug in BIOS version 1.13.2.
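For checking a fleet against the fix for CVE-2023-28073, the following added example (not Dell tooling and not part of the original article) flags hosts whose BIOS is older than 1.13.2 on the two models named above. The inventory rows and the function names are constructed for illustration; version fields are compared numerically, since a plain string comparison would rank 1.9.0 above 1.13.2.

```python
# Added example: flag inventory rows still exposed to CVE-2023-28073.
# Models and fixed version come from the article; everything else is assumed.
import re

FIXED_BIOS = {  # model -> first BIOS version said to carry the fix
    "Latitude 5530": "1.13.2",
    "Precision 3570": "1.13.2",
}

def parse_version(text):
    """Turn '1.13.2' into (1, 13, 2) so fields compare as numbers."""
    parts = text.strip().split(".")
    if not all(re.fullmatch(r"\d+", p) for p in parts):
        raise ValueError(f"unexpected BIOS version format: {text!r}")
    return tuple(int(p) for p in parts)

def check(model, bios_version):
    """Return 'ok', 'update', 'unknown' or 'not-listed' for one machine."""
    fixed = FIXED_BIOS.get(model.strip())
    if fixed is None:
        # Not named for this CVE in the article; other CVEs have their own lists.
        return "not-listed"
    try:
        installed = parse_version(bios_version)
    except ValueError:
        return "unknown"  # e.g. an unexpected version scheme: review by hand
    wanted = parse_version(fixed)
    # Pad the shorter tuple so '1.14' is treated as '1.14.0'.
    width = max(len(installed), len(wanted))
    installed += (0,) * (width - len(installed))
    wanted += (0,) * (width - len(wanted))
    return "ok" if installed >= wanted else "update"

def audit(rows):
    """Keep the rows that need a BIOS update or a manual look."""
    return [r for r in rows if check(r[1], r[2]) in ("update", "unknown")]

INVENTORY = [  # constructed sample: (hostname, model, BIOS version)
    ("lt-001", "Latitude 5530", "1.9.0"),
    ("lt-002", "Latitude 5530", "1.13.2"),
    ("ws-003", "Precision 3570", "1.12.1"),
    ("ws-004", "Precision 3570", "A07"),
    ("lt-005", "Latitude 7430", "1.10.0"),
]

if __name__ == "__main__":
    for host, model, version in audit(INVENTORY):
        print(f"{host}: {model} BIOS {version} -> {check(model, version)}")
```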
Malicious code vulnerability with a hurdle
Because an attacker must have physical access to a vulnerable PC, the malicious code vulnerability (CVE-2023-32480) is only classified as a "medium" threat level. The flaw exists because inputs are not checked sufficiently. According to Dell, authentication is not required for this. After successful malicious code attacks, attackers can usually gain full control over the computer. This affects several models such as the Inspiron and Vostro, which Dell lists in a warning message. The BIOS versions secured against the attacks are also listed there.
The third vulnerability (CVE-2023-28064, rated "low") can lead to DoS conditions. The attack is based on a memory error (out-of-bounds), which attackers can trigger in a way that is not described in detail. The vulnerable models and repaired BIOS firmware can be found in a warning message.