Summary
Your Windows login isn’t exactly military-grade security, but you can usually sleep soundly knowing that no one will get into your computer without your password. Right now, though, an exploit is letting malicious actors past the login on a number of computers; the good part is that fixes are already out.
A set of five critical vulnerabilities, collectively dubbed “ReVault,” has been discovered in the firmware of over 100 models of Dell business laptops. The flaws could allow an attacker with physical access to bypass the Windows login, gain complete administrator control, and install malicious software that remains on the device even after the operating system is reinstalled. The issue itself, and the reason it affects Dell computers but not others, lies within Dell ControlVault, a hardware-based security suite that ships with a number of Dell computers. It runs on a dedicated chip located on a separate daughterboard, known as the Unified Security Hub (USH).
This “vault” stores data like passwords, biometric information (fingerprints), and security codes, isolating them from the main operating system to prevent tampering. It’s also what’s being used as the entry point for these vulnerabilities. The five vulnerabilities, affecting both the ControlVault firmware and its Windows software interfaces, can be chained together to inflict more damage on a target. The most alarming threat is the ability to achieve arbitrary code execution directly on the USH firmware. This allows an attacker to create persistent implants—malicious code that lives on the hardware itself, making it undetectable by standard antivirus software and capable of surviving a full wipe and reinstallation of Windows.
An attacker could also log into your Windows computer without any credentials, elevate a local user account to administrator, and even render the fingerprint scanner useless by making it accept any fingerprint. The silver lining is that an attacker would need physical access to your computer, at least for the login bypass. The vulnerabilities affect a wide range of Dell’s business-class Latitude and Precision laptops, but many of these models are also bought as consumer laptops, so the warning is probably still necessary.
The good part is that Dell is aware of these flaws and has already released security updates to patch them. If you haven’t downloaded any updates in a while and you have a vulnerable model, you might want to download the latest security patches for your PC, just so you’re able to keep your hardware fully protected.
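To help decide whether a machine is even in scope, here is an added PowerShell inventory check (not from the article or from Dell) that lists any enumerated ControlVault device and its Windows driver version. It assumes the device’s friendly name contains “ControlVault”, and the minimum version is a placeholder to be replaced with the value from Dell’s advisory; note that the driver version is only a proxy, since the USH firmware itself is updated by Dell’s separate firmware package.

```powershell
# Added inventory check; not the article's or Dell's own tooling.
# Assumes the ControlVault (USH) device enumerates with "ControlVault" in its
# friendly name. The minimum version is a PLACEHOLDER for Dell's advisory value.
param(
    [version]$MinimumDriverVersion = '0.0.0.0'   # PLACEHOLDER: set from Dell's ReVault advisory
)

function Get-ControlVaultStatus {
    param([version]$Minimum)

    # ControlVault usually appears under "Security devices" in Device Manager;
    # match loosely on the friendly name because the exact string varies by model.
    $devices = Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.FriendlyName -like '*ControlVault*' }

    if (-not $devices) {
        return [pscustomobject]@{ Present = $false; Devices = @() }
    }

    $report = foreach ($d in $devices) {
        # Driver version only; the USH firmware version is reported by Dell's
        # firmware update tooling, not by Plug and Play.
        $ver = (Get-PnpDeviceProperty -InstanceId $d.InstanceId `
                    -KeyName 'DEVPKEY_Device_DriverVersion' `
                    -ErrorAction SilentlyContinue).Data
        [pscustomobject]@{
            FriendlyName  = $d.FriendlyName
            Status        = $d.Status
            DriverVersion = $ver
            NeedsUpdate   = if ($ver) { [version]$ver -lt $Minimum } else { $null }
        }
    }
    [pscustomobject]@{ Present = $true; Devices = @($report) }
}

$status = Get-ControlVaultStatus -Minimum $MinimumDriverVersion
if (-not $status.Present) {
    Write-Output 'No ControlVault device enumerated; this system is likely not in scope.'
} else {
    $status.Devices | Format-Table -AutoSize
    if ($status.Devices | Where-Object { $_.NeedsUpdate }) {
        Write-Warning 'ControlVault driver is below the required minimum; apply Dell updates.'
    }
}
```

Run it in an elevated PowerShell session on each Dell Latitude or Precision system; a system with no ControlVault device is unlikely to be affected, while one that reports a device should be checked against Dell’s advisory regardless of the driver version shown.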