It’s been a while since I’ve posted anything from my line of work – but this one is pretty large and I just wanted to give my friends a heads up. Dell has a driver that can be used by anyone who has access to your laptop, workstation, server, etc. to gain admin rights to your system from a simple standard user account. They are working on it and have just released a new firmware update utility to mitigate this risk.

I urge everyone to make sure you apply updates – I would start by reading and following the Dell announcement:

https://www.dell.com/support/kbdoc/en-in/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability

Want to geek out and see who found it and more – follow:

and:

https://thehackernews.com/2021/05/bios-privesc-bug-affects-hundreds-of.html