DSA-2022-053: Multiple SMM Vulnerabilities
Dell recently released a new security advisory covering 5 new vulnerabilities in the System Management Mode (SMM) of multiple of their models including Alienware, Inspiron, Vostro, and XPS. All 5 of the vulnerabilities got a CVSS base score of 8.2 and "Dell recommends all customers update at the earliest opportunity".
Attackers that can successfully exploit the vulnerability could potentially execute code on the system. SMM code that is executed is always executing using the highest privilege level while also being undetectable by the operating system, this potent combination makes this vulnerability an ideal candidate for deploying malicious firmware to affected devices that would lead to more severe issues down the road.
Discover Vulnerable Devices
Dell's security advisory contains a list of all vulnerable devices, and the new BIOS versions released. We've used this information to create a special Lansweeper report that will provide a list of all devices in your environment that might be affected by the vulnerabilities while also listing the device's BIOS data and which BIOS version Dell recommends to install to protect against these new vulnerabilities.