Microsoft breaks with security analysts for the vulnerability of a secure computer

Security vendor Eclypsium has reacted strongly to Microsoft's rebuttal of its report on critical vulnerabilities in the SupportAssist remote firmware update utility on Dell devices. In its original disclosure last week, Eclypsium said the vulnerabilities also apply to Dell Stable devices running Microsoft's Secure Security feature, which runs System Guard firmware. This led Microsoft to produce a statement noting that the security vendor had failed to "prove how System Guard could be circumvented using the discovered vulnerabilities." Now, Eclypsium's vice president of R&D, John Loucaides, has hit back at Microsoft, saying the software giant was trying to "distract from what we're really saying."


In its statement, Microsoft asserts that the Eclypsium attack circumvents the protections provided by Secure Boot. The company claims that secure-core computers, thanks to System Guard firmware, help guard against attacks that take advantage of firmware vulnerabilities to disable features like Secure Boot. "The secure kernel threat model accepts compromised firmware, such as the case presented here, and consequently, the attack as described would still be subject to security verification by the firmware protection features in secure kernel," Microsoft stated. The software giant added that in the attack vector described by Eclypsium, System Guard would cause system certification to fail, leading zero-trust solutions like Microsoft's Conditional Access to prevent the device from accessing protected resources in the cloud. Eclypsium, however, thinks Microsoft is needlessly complicating the issue by talking about data security in the cloud, avoiding the fact that the vulnerable pre-boot environment can be abused to access data stored on the device. "Remote attestation for access to cloud assets is inconsequential and does not prevent exploitation of a vulnerability in UEFI firmware to gain arbitrary code execution in the preboot environment and leverage it to access user data on the device or get arbitrary code execution when a user logs into the system," Loucaides said.