• Home
  • |
  • Blog
  • |
  • How To Fix The BIOSConnect And HTTPS Boot Vulnerabilities Found On 129 Dell Models (30 Million Devices)?
How to Fix the BIOSConnect and HTTPS Boot Vulnerabilities

Cybersecurity researchers revealed a series of BIOSConnect and HTTPS Boot Vulnerabilities on 129 different models of Dell laptops, tablets, and desktops. Estimates at least 30 million individual devices. Doesn’t this data show how big the problem is? Before hackers use this opportunity to turn this into a gold mine. We recommend our readers fix the BIOSConnect and HTTPS Boot Vulnerabilities on their affected modules. We have shown a complete process on how to fix the BIOSConnect and HTTPS Boot Vulnerabilities in the post. Please go through each step to fix them up.

Note: We request to read the post: ‘How Attackers Abuse the Dell BIOSConnect and HTTPS Boot Vulnerabilities to Compromise the Dell Computers?‘ to know more about BIOSConnect and HTTPS Boot Vulnerabilities.

Prerequisites To Exploit The BIOSConnect And HTTPS Boot Vulnerabilities:

Attackers can’t easily launch the attack and compromise the machine. There are few prerequisites for an attacker for a successful attack.

BIOSConnect vulnerability exploits prerequisites:

  1. Access to the user’s network.
  2. A certificate, trusted by one of the Dell UEFI BIOS built-in Certificate Authorities.
  3. A request from BIOSConnect to the Dell server.

HTTPS Boot vulnerability exploits prerequisites:

  1. Access to the user’s network.
  2. A certificate, trusted by one of the Dell UEFI BIOS built-in Certificate Authorities.
  3. A vulnerable machine on which boot order is set to HTTPS boot.

How To Fix The BIOSConnect And HTTPS Boot Vulnerabilities:

Dell has released a few remediations and mitigations for users. Users can further protect themselves by following these recommendations.

  1. Users have been asked to use secured networks and prevent unauthorized local and physical access to devices.
  2. Dell has asked the users to enable platform security features such as Secure Boot and BIOS Admin Password for additional protection.
  3. No action required on CVE-2021-21573 and CVE-2021-21574 as these two vulnerabilities were remediated on 28th May, 2021.
  4. The other two CVE-2021-21571 and CVE-2021-21572 vulnerabilities would require system BIOS updates to address the vulnerabilities. Please check out the affected device table from the post to find out the required BIOS version.
  5. Users can’t go with BIOS updates immediately. They can disable the BIOSConnect and HTTPS Boot feature on the system BIOS.

How To Update The Dell System BIOS?

There are multiple ways to update BIOS. However, Dell recommends three ways to update system BIOS.

#1. Dell Notification Solutions: 

Use any of the tools to be notified and download BIOS updates automatically once available.

  1. Dell SupportAssist
  2. Dell Update
  3. Dell Command Update
  4. Dell Notifications
 Dell SupportAssistDell UpdateDell Command UpdateDell Notifications
Platforms supportedInspiron, XPS, Latitude, Vostro, Venue, Alienware Inspiron, Vostro, XPS, AlienwareLatitude, OptiPlex,Precision, Venue ProTablets, XPS NotebooksAll systems
Compatible Operating systemsWindows 7, Windows 8.1,Windows 10Windows7, Windows 8.1, Windows 10Windows 7,Windows 8.1,Windows 10All supported
Notification LevelAll updatesAll updatesAll updatesAll updates
Notification MethodologyNotifications pushed through SupportAssistWindows event notifications Windows event notifications pulled on command or scheduled for automatic check/updates on a continuous basis Email or SMS
 Administrator rights required to runYesNoYes (2.4) No (3.0)No
Reinstallation linkDell SupportAssistDell Update(Windows 7 and 8.1) Dell Update(Windows 10 32 & 64 bit)Dell Command | Update (CLI) (Windows 7, Windows 8.1, Windows 10)Dell Command | Update (Windows 10 RedStone 1 and later) 

#2. Download Drivers And Update BIOS:

  1. Browse to the Dell Drivers & downloads page.
  2. Let it identify your Dell product.
  3. Click on ‘Download & Install SupportAssist’. Follow the instructions to install Dell SupportAssist. For more information, visit the Dell knowledge base article Dell SupportAssist (formerly Dell System Detect): Overview and Common Questions.
  4. If your prodect doesn’t get detected, enter the Service Tag, Express Service Code, or the Serial number of the Dell product and click Search.
  5. Or else, manually select your Dell product from the catalog by clicking on Browse all products.
  6. Select the Operating System.
  7. Under Category, select BIOS.
  8. Locate the latest System BIOS, Download and save the file.
  9. Browse to the location where the downloaded file was saved. Double-click the downloaded BIOS setup file and follow the instructions to complete the installation process.

#3. Flashing The BIOS From The F12 One-Time Boot Menu:

Users can install BIOS update from Windows. If the computer fails to boot Windows, users can install the update using the F12 One Time Boot menu. Most of the Dell devices released after 2012 will be shipped with this feature. You can confirm the feature in the system BIOS. Hit the F12 key during the boot process and enter it into the BIOS. If you see the BIOS FLASH UPDATE option under the boot option, then your system supports this method. Click here to see more details.

How To Disable The BIOSConnect And HTTPS Boot?

Dell recommends installing the BIOS updates immediately; however, users who can’t update the BIOS anytime soon disable the BIOSConnect and HTTPS Boot.

Disable BIOSConnect:

There are two options available to disable the BIOSConnect.

Option 1: Disable BIOSConnect from the BIOS setup page.

Users may need to locate the BIOSConnect option on the BIOS setup page. Users can find it in two different places depending on the type of BIOS setup menu.

BIOS Setup Menu Type A: F2 > Update, Recovery > BIOSConnect > Switch to Off.
BIOS Setup Menu Type B: F2 > Settings > SupportAssist System Resolution > BIOSConnect > Uncheck BIOSConnect option.

Option 2: Users can use Dell Command | Configure (DCC) tool to disable the BIOSConnect.

Disable HTTPS Boot:

There are two options available to disable the HTTPS Boot.

Option 1:

BIOS Setup Menu Type A: F2 > Connection > HTTP(s) Boot > Switch to Off.
BIOS Setup Menu Type B: F2 > Settings > SupportAssist System Resolution > BIOSConnect > Uncheck BIOSConnect option.

Option 2: Users can use Dell Command | Configure (DCC) tool to disable the HTTPS Boot.

Thanks for reading this post. Please share this information with one who owns the Dell computer and make them aware about the vulnerabilities.

About the author

Arun KL

To know more about me. Follow me on LinkedIn Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.