Blog

GoDaddy Breached – Plaintext Passwords – 1.2M Affected

This morning, GoDaddy disclosed that an unknown attacker had gained unauthorized access to the system used to provision the company’s Managed WordPress sites, impacting up to 1.2 million of their WordPress customers. Note that this number does not include the number of customers of those websites that are affected by this breach, and some GoDaddy customers have multiple Managed WordPress sites in their accounts.

According to the report filed by GoDaddy with the SEC [1], the attacker initially gained access via a compromised password on September 6, 2021, and was discovered on November 17, 2021 at which point their access was revoked. While the company took immediate action to mitigate the damage, the attacker had more than two months to establish persistence, so anyone currently using GoDaddy’s Managed WordPress product should assume compromise until they can confirm that is not the case.

It appears that GoDaddy was storing sFTP credentials either as plaintext, or in a format that could be reversed into plaintext. They did this rather than using a salted hash, or a public key, both of which are considered industry best practices for sFTP. This allowed an attacker direct access to password credentials without the need to crack them.

According to their SEC filing: “For active customers, sFTP and database usernames and passwords were exposed.

We attempted to contact GoDaddy for comment and to confirm our findings, but they did not immediately respond to our requests for comment.

What did the attacker have access to?

The SEC filing indicates that the attacker had access to user email addresses and customer numbers, the original WordPress Admin password that was set at the time of provisioning, and SSL private keys. All of these could be of use to an attacker, but one item, in particular, stands out:

During the period from September 6, 2021, to November 17, 2021, the sFTP and database usernames and passwords of active customers were accessible to the attacker. 

GoDaddy stored sFTP passwords in such a way that the plaintext versions of the passwords could be retrieved, rather than storing salted hashes of these passwords, or providing public key authentication, which are both industry best practices.

We confirmed this by accessing the user interface for GoDaddy Managed Hosting and were able to view our own password, shown in the screenshot below. When using public-key authentication or salted hashes, it is not possible to view your own password like this because the hosting provider simply does not have it.

You’ll also note that the system is using port 22, which is Secure File Transfer Protocol. There are several kinds of sFTP, and this confirms that they’re using sFTP via SSH, which is encrypted, and designed to be one of the most secure ways to transfer files. Storing plaintext passwords, or passwords in a reversible format for what is essentially an SSH connection is not a best practice.

GoDaddy appears to acknowledge that they stored database passwords as plaintext or in a reversible format. These are also retrievable via their user interface. Unfortunately storing database passwords as plaintext is quite normal in a WordPress setting, where the database password is stored in the wp-config.php file as text. What is more surprising, in this breach, is that the password that provides read/write access to the entire filesystem via sFTP is stored as plaintext.

What could an attacker do with this information?

While the SEC filing emphasizes the potential phishing risk posed by exposed email addresses and customer numbers, the risk posed by this is minimal compared to the potential impact of exposed sFTP and database passwords.

Although GoDaddy immediately reset the sFTP and Database passwords of all the impacted sites, the attacker had nearly a month and a half of access during which they could have taken over these sites by uploading malware or adding a malicious administrative user. Doing so would allow the attacker to maintain persistence and retain control of the sites even after the passwords were changed.

Additionally, with database access, the attacker would have had access to sensitive information, including website customer PII (personally identifiable information) stored on the databases of the impacted sites, and may have been able to extract the contents of all impacted databases in full. This includes information such as the password hashes stored in the WordPress user accounts databases of affected sites, and customer information from e-Commerce sites.

An attacker could similarly gain control on sites that had not changed their default admin password, but it would be simpler for them to simply use their sFTP and database access to do so.

On sites where the SSL private key was exposed, it could be possible for an attacker to decrypt traffic using the stolen SSL private key, provided they could successfully perform a man-in-the-middle (MITM) attack that intercepts encrypted traffic between a site visitor and an affected site.

What should I do if I have a GoDaddy Managed WordPress site?

GoDaddy will be reaching out to impacted customers over the next few days. In the meantime, given the severity of the issue and the data the attacker had access to, we recommend that all Managed WordPress users assume that they have been breached and perform the following actions:

  • If you’re running an e-commerce site, or store PII (personally identifiable information), and GoDaddy verifies that you have been breached, you may be required to notify your customers of the breach. Please research what the regulatory requirements are in your jurisdiction, and make sure you comply with those requirements.
  • Change all of your WordPress passwords, and if possible force a password reset for your WordPress users or customers. As the attacker had access to the password hashes in every impacted WordPress database, they could potentially crack and use those passwords on the impacted sites.
  • Change any reused passwords and advise your users or customers to do so as well. The attacker could potentially use credentials extracted from impacted sites to access any other services where the same password was used. For example, if one of your customers uses the same email and password on your site as they use for their Gmail account, that customer’s Gmail could be breached by the attacker once they crack that customer’s password.
  • Enable 2-factor authentication wherever possible. The Wordfence plugin provides this as a free feature for WordPress sites, and most other services provide an option for 2-factor authentication.
  • Check your site for unauthorized administrator accounts.
  • Scan your site for malware using a security scanner.
  • Check your site’s filesystem, including wp-content/plugins and wp-content/mu-plugins, for any unexpected plugins, or plugins that do not appear in the plugins menu, as it is possible to use legitimate plugins to maintain unauthorized access.
  • Be on the lookout for suspicious emails – phishing is still a risk, and an attacker could still use extracted emails and customer numbers to obtain further sensitive information from victims of this compromise.

Conclusion

The GoDaddy Managed WordPress data breach is likely to have far-reaching consequences. GoDaddy’s Managed WordPress offering makes up a significant portion of the WordPress ecosystem, and this affects not only site owners, but their customers. The SEC filing says that “Up to 1.2 million active and inactive Managed WordPress customers” were affected. Customers of those sites are most likely also affected, which makes the number of affected people much larger.

For the time being, anyone using GoDaddy’s Managed WordPress offering should assume their sites have been compromised until further information becomes available, and follow the steps we have provided in this article. We will update the article if more information becomes available.

References:

  1. GoDaddy SEC Report: https://www.sec.gov/Archives/edgar/data/1609711/000160971121000122/gddyblogpostnov222021.htm

Note: All product names, logos, and brands are property of their respective owners in the United States and/or other countries. All company, product, and service names used on this page are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.

Source :
https://www.wordfence.com/blog/2021/11/godaddy-breach-plaintext-passwords/

How to block the Windows 11 update from being installed on your PC

Microsoft finally pulled back the curtain on Windows 11 last month. The company once said that Windows 10 would be the last ever version of the desktop operating system, but plans changed. Windows 11 will roll out to the general public later this year. As long as you’ve got a compatible device, you’ll be able to upgrade and take advantage of all the new features. But what if you’d prefer to stay on Windows 10 for the time being? Thankfully, if you want to block Windows 11, you can do so with relative ease. Read on to find out how.

Microsoft already made it clear that the Windows 11 update won’t be forced upon Windows 10 users at launch. If you want to upgrade, you will have to do so manually by heading to Settings > Update & Security > Windows Update. Simply avoid that menu once Windows 11 launches and you should not have to worry about the update trying to install itself any time soon.

As Ghacks notes in an extensive guide, you can go even further to block Windows 11. If you Windows 10 Pro, Education, or Enterprise, it is possible to delay feature update installations. You can do so with the Group Policy Editor and Windows Registry, but you might not want to take action yet. Windows 10 version 21H2 is also in the works, and you will block it as well if you disable feature updates.

It might be best to hold off, but here’s what you need to do to block Windows 11:

Block Windows 11 with Group Policy Editor

  1. Open the Start Menu.
  2. Type gpedit.msc and load the Group Policy Editor once it is displayed in the search results.
  3. Go to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business
  4. Double-click on “Select the target feature update version”.
  5. Set the policy to Enabled.
  6. Type 21H1 into the field.
  7. Close the Group Policy Editor.

Block Windows 11 with Registry Editor

  1. Open the Start Menu.
  2. Type regedit.exe and select the Registry Editor search result.
  3. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate.
  4. Set the Dword TargetReleaseVersion to 1. If the value does not exist, right-click on Windows Update, and select New > Dword (32-bit) Value.
  5. Set the value of TargetReleaseVersionInfo to 21H1. If the value does not exist, right-click on Windows Update, and select New > String Value.
  6. Restart the PC.

Once Windows 10 21H2 appears on Microsoft’s website, you can switch over to it instead.

There are sure to be some bugs and issues in Windows 11 at launch. The new features and refreshed design should be enough to convince most users to update, but now you know how to block it. Microsoft plans to support Windows 10 through 2025. In other words, there’s no rush to update if you’re happy with what Windows 10 currently offers.

Source :
https://bgr.com/tech/how-to-block-the-windows-11-update-from-being-installed-on-your-pc/

Twitch Suffers Massive 125GB Data and Source Code Leak Due to Server Misconfiguration

Interactive livestreaming platform Twitch acknowledged a “breach” after an anonymous poster on the 4chan messaging board leaked its source code, an unreleased Steam competitor from Amazon Game Studios, details of creator payouts, proprietary software development kits, and other internal tools.

The Amazon-owned service said it’s “working with urgency to understand the extent of this,” adding the data was exposed “due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party.”

“At this time, we have no indication that login credentials have been exposed,” Twitch noted in a post published late Wednesday. “Additionally, full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed.”

The forum user claimed the hack is designed to “foster more disruption and competition in the online video streaming space” because “their community is a disgusting toxic cesspool.” The development was first reported by Video Games Chronicle, which said Twitch was internally “aware” of the leak on October 4. The leak has also been labeled as “part one,” suggesting that there could be more on the way.

The massive trove, which comes in the form of a 125GB Torrent, allegedly includes —

  • The entirety of Twitch’s source code with commit history “going back to its early beginnings”
  • Proprietary software development kits and internal AWS services used by Twitch
  • An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
  • Information on other Twitch properties like IGDB and CurseForge
  • Creator revenue reports from 2019 to 2021
  • Mobile, desktop and console Twitch clients, and
  • Cache of internal “red teaming” tools designed to improve security

The leak of internal source code poses a serious security risk in that it allows interested parties to search for vulnerabilities in the source code. While the data doesn’t include password related details, users are advised to change their credentials as a precautionary measure and turn on two-factor authentication for additional security.

Source :
https://thehackernews.com/2021/10/twitch-suffers-massive-125gb-data-and.html

New U.S. Government Initiative Holds Contractors Accountable for Cybersecurity

The U.S. government on Wednesday announced the formation of a new Civil Cyber-Fraud Initiative that aims to hold contractors accountable for failing to meet required cybersecurity requirements in order to safeguard public sector information and infrastructure.

“For too long, companies have chosen silence under the mistaken belief that it is less risky to hide a breach than to bring it forward and to report it,” said Deputy Attorney General Monaco in a press statement. “Well that changes today, [and] we will use our civil enforcement tools to pursue companies, those who are government contractors who receive federal funds, when they fail to follow required cybersecurity standards — because we know that puts all of us at risk.”

The Civil Cyber-Fraud Initiative is part of the U.S. Justice Department’s (DoJ) efforts to build resilience against cybersecurity intrusions and holding companies to task for deliberately providing deficient cybersecurity products or services, misrepresenting their cybersecurity practices or protocols, or violating their obligations to monitor and report cybersecurity incidents and breaches.

To that end, the government intends to utilize the False Claims Act (FCA) to go after contractors and grant recipients for cybersecurity-related fraud by failing to secure their networks and notify about security breaches adequately.

In addition, the DoJ also announced the launch of a National Cryptocurrency Enforcement Team (NCET) to dismantle criminal abuse of cryptocurrency platforms, particularly focusing on “crimes committed by virtual currency exchanges, mixing and tumbling services, and money laundering infrastructure actors.”

The developments also come nearly a week after the U.S. Federal Communications Commission (FCC) laid out new rules to prevent subscriber identity module (SIM) swapping scams and port-out fraud, both of which are tactics orchestrated to transfer users’ phone numbers and service to a different number and carrier under the attacker’s control.

The FCC’s proposal would require amending existing Customer Proprietary Network Information (CPNI) and Local Number Portability rules to mandate wireless carriers to adopt secure methods of confirming the customer’s identity before transferring their phone number to a new device or carrier. On top of that, the changes also suggest requiring providers to immediately notify customers whenever a SIM change or port request is made on their accounts.

Source :
https://thehackernews.com/2021/10/us-justice-dept-launches-civil-cyber.html

CISA, NIST Says Use Cybersecurity Control Systems

Last July 2021, US President Joe Biden signed a memorandum on improving the US’s cybersecurity for critical infrastructure control systems. It establishes a voluntary initiative, encouraging collaboration between the federal government and the critical infrastructure community to improve cybersecurity control.

In line with this memorandum, the Department of Homeland Security (DHS) is instructed to lead the development of preliminary cross-sector control system cybersecurity performance goals and sector-specific performance goals within one year of the memorandum.

The Cybersecurity and Infrastructure Security Agency (CISA), together with the National Institute of Standards and Technology (NIST) performed a primary crosswalk of available control system resources, recommending practices that were produced by the US government and the private sector.

The crosswalk focused on various cybersecurity documents related to best practices and risk mitigation. These documents include CISA Cyber EssentialsNISTIR 8183, Rev 1, “Cybersecurity Framework Version 1.1 Manufacturing Profile, and CISA Pipeline Cyber Risk Mitigation.

Upon review, CISA and NIST have determined nine categories of recommended cybersecurity practices, using the categories as the foundation for preliminary control systems cybersecurity performance goals.

The nine categories are:

  • Risk Management and Cybersecurity Governance, which aims to “identify and document cybersecurity control systems using established recommended practices”.
  • Architecture and Design, which has the objective of integrating cybersecurity and resilience into system architecture in line with established best practices.
  • Configuration and Change Management. This category aims to documents and control hardware and software inventory, system settings, configurations, and network traffic flows during the control system hardware and software lifecycles.
  • Physical Security, which aims to limit physical access to systems, facilities, equipment, and other infrastructure assets to authorized users.
  • System and Data Integrity, Availability, and Confidentiality. This category aims to protect the control system and its data against corruption, compromise, or loss.
  • Continuous Monitoring and Vulnerability Management, which aims to implement and perform continuous monitoring of control systems cybersecurity threats and vulnerabilities.
  • Training and Awareness aims to train personnel to have the fundamental knowledge and skills needed to determine control systems cybersecurity risks.
  • Incident Response and Recovery. This category aims to implement and test control system response and recovery plans with clearly defined roles and responsibilities.
  • Supply Chain Risk Management, which aims to identify risks associated with control system hardware, software, and manage services.

CISA explained that the nine categories’ goals outlined above are “foundational activities for effective risk management”, representing high-level cybersecurity best practices. The agency also said that these are not an exhaustive guide to all facets of an effective cybersecurity program.

As cyber threats and risks become more and more sophisticated and difficult to mitigate, it is important for critical infrastructure owners to future-proof their enterprises, minimizing operational risks and disturbances.

Apart from practices identified by CISA and NIST, owners and users should understand various practical countermeasures that should be considered during their planning and design phases.

Check out our “Best Practices for Securing Smart Factories: Three Steps to Keep Operations Running” to learn more about security issues, defense strategies, and the benefit of efficiently securing factories with minimal TCO.

Source :
https://www.trendmicro.com/en_us/research/21/j/cisa-nist-says-use-cybersecurity-control-systems.html

Helping Apache Servers stay safe from zero-day path traversal attacks (CVE-2021-41773)

On September 29, 2021, the Apache Security team was alerted to a path traversal vulnerability being actively exploited (zero-day) against Apache HTTP Server version 2.4.49. The vulnerability, in some instances, can allow an attacker to fully compromise the web server via remote code execution (RCE) or at the very least access sensitive files. CVE number 2021-41773 has been assigned to this issue. Both Linux and Windows based servers are vulnerable.

An initial patch was made available on October 4 with an update to 2.4.50, however, this was found to be insufficient resulting in an additional patch bumping the version number to 2.4.51 on October 7th (CVE-2021-42013).

Customers using Apache HTTP Server versions 2.4.49 and 2.4.50 should immediately update to version 2.4.51 to mitigate the vulnerability. Details on how to update can be found on the official Apache HTTP Server project site.

Any Cloudflare customer with the setting normalize URLs to origin turned on have always been protected against this vulnerability.

Additionally, customers who have access to the Cloudflare Web Application Firewall (WAF), receive additional protection by turning on the rule with the following IDs:

  • 1c3d3022129c48e9bb52e953fe8ceb2f (for our new WAF)
  • 100045A (for our legacy WAF)

The rule can also be identified by the following description:

Rule message: Anomaly:URL:Query String - Multiple Slashes, Relative Paths, CR, LF or NULL.

Given the nature of the vulnerability, attackers would normally try to access sensitive files (for example /etc/passwd), and as such, many other Cloudflare Managed Rule signatures are also effective at stopping exploit attempts depending on the file being accessed.

How the vulnerability works

The vulnerability leverages missing path normalization logic. If the Apache server is not configured with a require all denied directive for files outside the document root, attackers can craft special URLs to read any file on the file system accessible by the Apache process. Additionally, this flaw could also leak the source of interpreted files like CGI scripts and, in some cases, also allow the attacker to take over the web server by executing shell scripts.

For example, the following path:

$hostname/cgi-bin/../../../etc/passwd

would allow the attacker to climb the directory tree (../ indicates parent directory) outside of the web server document root and then subsequently access /etc/passwd.

Well implemented path normalization logic would correctly collapse the path into the shorter $hostname/etc/passwd by normalizing all ../ character sequences nullifying the attempt to climb up the directory tree.

Correct normalization is not easy as it also needs to take into consideration character encoding, such as percent encoded characters used in URLs. For example, the following path is equivalent to the first one provided:

$hostname/cgi-bin/.%2e/%2e%2e/%2e%2e/etc/passwd

as the characters %2e represent the percent encoded version of dot “.”. Not taking this properly into account was the cause of the vulnerability.

The PoC for this vulnerability is straightforward and simply relies on attempting to access sensitive files on vulnerable Apache web servers.

Exploit Attempts

Cloudflare has seen a sharp increase in attempts to exploit and find vulnerable servers since October 5.

Most exploit attempts observed have been probing for static file paths — indicating heavy scanning activity before attackers (or researchers) may have attempted more sophisticated techniques that could lead to remote code execution. The most commonly attempted file paths are reported below:

/cgi-bin/.%2e/.git/config
/cgi-bin/.%2e/app/etc/local.xml
/cgi-bin/.%2e/app/etc/env.php
/cgi-bin/.%2e/%2e%2e/%2e%2e/etc/passwd

Conclusion

Keeping web environments safe is not an easy task. Attackers will normally gain access and try to exploit vulnerabilities even before PoCs become widely available — we reported such a case not too long ago with Atlassian’s Confluence OGNL vulnerability.

It is vital to employ all security measures available. Cloudflare features such as our URL normalization and the WAF, are easy to implement and can buy time to deploy any relevant patches offered by the affected software vendors.

Source :
https://blog.cloudflare.com/helping-apache-servers-stay-safe-from-zero-day-path-traversal-attacks/

What happened on the Internet during the Facebook outage

It’s been a few days now since Facebook, Instagram, and WhatsApp went AWOL and experienced one of the most extended and rough downtime periods in their existence.

When that happened, we reported our bird’s-eye view of the event and posted the blog Understanding How Facebook Disappeared from the Internet where we tried to explain what we saw and how DNS and BGP, two of the technologies at the center of the outage, played a role in the event.

In the meantime, more information has surfaced, and Facebook has published a blog post giving more details of what happened internally.

As we said before, these events are a gentle reminder that the Internet is a vast network of networks, and we, as industry players and end-users, are part of it and should work together.

In the aftermath of an event of this size, we don’t waste much time debating how peers handled the situation. We do, however, ask ourselves the more important questions: “How did this affect us?” and “What if this had happened to us?” Asking and answering these questions whenever something like this happens is a great and healthy exercise that helps us improve our own resilience.

Today, we’re going to show you how the Facebook and affiliate sites downtime affected us, and what we can see in our data.

1.1.1.1

1.1.1.1 is a fast and privacy-centric public DNS resolver operated by Cloudflare, used by millions of users, browsers, and devices worldwide. Let’s look at our telemetry and see what we find.

First, the obvious. If we look at the response rate, there was a massive spike in the number of SERVFAIL codes. SERVFAILs can happen for several reasons; we have an excellent blog called Unwrap the SERVFAIL that you should read if you’re curious.

In this case, we started serving SERVFAIL responses to all facebook.com and whatsapp.com DNS queries because our resolver couldn’t access the upstream Facebook authoritative servers. About 60x times more than the average on a typical day.

If we look at all the queries, not specific to Facebook or WhatsApp domains, and we split them by IPv4 and IPv6 clients, we can see that our load increased too.

As explained before, this is due to a snowball effect associated with applications and users retrying after the errors and generating even more traffic. In this case, 1.1.1.1 had to handle more than the expected rate for A and AAAA queries.

Here’s another fun one.

DNS vs. DoT and DoH. Typically, DNS queries and responses are sent in plaintext over UDP (or TCP sometimes), and that’s been the case for decades now. Naturally, this poses security and privacy risks to end-users as it allows in-transit attacks or traffic snooping.

With DNS over TLS (DoT) and DNS over HTTPS, clients can talk DNS using well-known, well-supported encryption and authentication protocols.

Our learning center has a good article on “DNS over TLS vs. DNS over HTTPS” that you can read. Browsers like Chrome, Firefox, and Edge have supported DoH for some time now, WAP uses DoH too, and you can even configure your operating system to use the new protocols.

When Facebook went offline, we saw the number of DoT+DoH SERVFAILs responses grow by over x300 vs. the average rate.

So, we got hammered with lots of requests and errors, causing traffic spikes to our 1.1.1.1 resolver and causing an unexpected load in the edge network and systems. How did we perform during this stressful period?

Quite well. 1.1.1.1 kept its cool and continued serving the vast majority of requests around the famous 10ms mark. An insignificant fraction of p95 and p99 percentiles saw increased response times, probably due to timeouts trying to reach Facebook’s nameservers.

Another interesting perspective is the distribution of the ratio between SERVFAIL and good DNS answers, by country. In theory, the higher this ratio is, the more the country uses Facebook. Here’s the map with the countries that suffered the most:

Here’s the top twelve country list, ordered by those that apparently use Facebook, WhatsApp and Instagram the most:

CountrySERVFAIL/Good Answers ratio
Turkey7.34
Grenada4.84
Congo4.44
Lesotho3.94
Nicaragua3.57
South Sudan3.47
Syrian Arab Republic3.41
Serbia3.25
Turkmenistan3.23
United Arab Emirates3.17
Togo3.14
French Guiana3.00

Impact on other sites

When Facebook, Instagram, and WhatsApp aren’t around, the world turns to other places to look for information on what’s going on, other forms of entertainment or other applications to communicate with their friends and family. Our data shows us those shifts. While Facebook was going down, other services and platforms were going up.

To get an idea of the changing traffic patterns we look at DNS queries as an indicator of increased traffic to specific sites or types of site.

Here are a few examples.

Other social media platforms saw a slight increase in use, compared to normal.

Traffic to messaging platforms like Telegram, Signal, Discord and Slack got a little push too.

Nothing like a little gaming time when Instagram is down, we guess, when looking at traffic to sites like Steam, Xbox, Minecraft and others.

And yes, people want to know what’s going on and fall back on news sites like CNN, New York Times, The Guardian, Wall Street Journal, Washington Post, Huffington Post, BBC, and others:

Attacks

One could speculate that the Internet was under attack from malicious hackers. Our Firewall doesn’t agree; nothing out of the ordinary stands out.

Network Error Logs

Network Error Logging, NEL for short, is an experimental technology supported in Chrome. A website can issue a Report-To header and ask the browser to send reports about network problems, like bad requests or DNS issues, to a specific endpoint.

Cloudflare uses NEL data to quickly help triage end-user connectivity issues when end-users reach our network. You can learn more about this feature in our help center.

If Facebook is down and their DNS isn’t responding, Chrome will start reporting NEL events every time one of the pages in our zones fails to load Facebook comments, posts, ads, or authentication buttons. This chart shows it clearly.​​

WARP

Cloudflare announced WARP in 2019, and called it “A VPN for People Who Don’t Know What V.P.N. Stands For” and offered it for free to its customers. Today WARP is used by millions of people worldwide to securely and privately access the Internet on their desktop and mobile devices. Here’s what we saw during the outage by looking at traffic volume between WARP and Facebook’s network:

You can see how the steep drop in Facebook ASN traffic coincides with the start of the incident and how it compares to the same period the day before.

Our own traffic

People tend to think of Facebook as a place to visit. We log in, and we access Facebook, we post. It turns out that Facebook likes to visit us too, quite a lot. Like Google and other platforms, Facebook uses an army of crawlers to constantly check websites for data and updates. Those robots gather information about websites content, such as its titles, descriptions, thumbnail images, and metadata. You can learn more about this on the “The Facebook Crawler” page and the Open Graph website.

Here’s what we see when traffic is coming from the Facebook ASN, supposedly from crawlers, to our CDN sites:

The robots went silent.

What about the traffic coming to our CDN sites from Facebook User-Agents? The gap is indisputable.

We see about 30% of a typical request rate hitting us. But it’s not zero; why is that?

We’ll let you know a little secret. Never trust User-Agent information; it’s broken. User-Agent spoofing is everywhere. Browsers, apps, and other clients deliberately change the User-Agent string when they fetch pages from the Internet to hide, obtain access to certain features, or bypass paywalls (because pay-walled sites want sites like Facebook to index their content, so that then they get more traffic from links).

Fortunately, there are newer, and privacy-centric standards emerging like User-Agent Client Hints.

Core Web Vitals

Core Web Vitals are the subset of Web Vitals, an initiative by Google to provide a unified interface to measure real-world quality signals when a user visits a web page. Such signals include Largest Contentful Paint (LCP), First Input Delay (FID), and Cumulative Layout Shift (CLS).

We use Core Web Vitals with our privacy-centric Web Analytics product and collect anonymized data on how end-users experience the websites that enable this feature.

One of the metrics we can calculate using these signals is the page load time. Our theory is that if a page includes scripts coming from external sites (for example, Facebook “like” buttons, comments, ads), and they are unreachable, its total load time gets affected.

We used a list of about 400 domains that we know embed Facebook scripts in their pages and looked at the data.

Now let’s look at the Largest Contentful Paint. LCP marks the point in the page load timeline when the page’s main content has likely loaded. The faster the LCP is, the better the end-user experience.

Again, the page load experience got visibly degraded.

The outcome seems clear. The sites that use Facebook scripts in their pages took 1.5x more time to load their pages during the outage, with some of them taking more than 2x the usual time. Facebook’s outage dragged the performance of  some other sites down.

Conclusion

When Facebook, Instagram, and WhatsApp went down, the Web felt it. Some websites got slower or lost traffic, other services and platforms got unexpected load, and people lost the ability to communicate or do business normally.

Source :
https://blog.cloudflare.com/during-the-facebook-outage/

What’s new in Windows Server 2022

This article describes some of the new features in Windows Server 2022. Windows Server 2022 is built on the strong foundation of Windows Server 2019 and brings many innovations on three key themes: security, Azure hybrid integration and management, and application platform. Also, Windows Server 2022 Datacenter: Azure Edition helps you use the benefits of cloud to keep your VMs up to date while minimizing downtime.

Security

The new security capabilities in Windows Server 2022 combine other security capabilities in Windows Server across multiple areas to provide defense-in-depth protection against advanced threats. Advanced multi-layer security in Windows Server 2022 provides the comprehensive protection that servers need today.

Secured-core server

Secured-core server provides protections that are useful against sophisticated attacks and can provide increased assurance when handling mission critical data in some of the most data sensitive industries. It is built on three key pillars: simplified security, advanced protection, and preventative defense.

Simplified security

When you buy hardware from an OEM for Secured-core server, you have assurance that the OEM has provided a set of hardware, firmware, and drivers that satisfy the Secured-core promise. Windows Server systems will have easy configuration experiences in the Windows Admin Center to enable the security features of Secured-core.

Advanced protection

Secured-core servers use hardware, firmware, and operating system capabilities to the fullest extent to provide protection against current and future threats. The protections enabled by a Secured-core server are targeted to create a secure platform for critical applications and data used on that server. The Secured-core functionality spans the following areas:

  • Hardware root-of-trustTrusted Platform Module 2.0 (TPM 2.0) come standard with servers capable of using Secured-core servers. TPM 2.0 provides a secure store for sensitive keys and data, such as measurements of the components loaded during boot. This hardware root-of-trust raises the protection provided by capabilities like BitLocker, which uses TPM 2.0 and facilitates creating attestation-based workflows that can be incorporated into zero-trust security strategies.
  • Firmware protectionThere is a clear rise in security vulnerabilities being reported in the firmware space given the high privileges that firmware runs with and the relative opacity of what happens in firmware to traditional anti-virus solutions. Recent reports show that malware and ransomware platforms are adding firmware capabilities raising the risk of firmware attacks that have already been seen targeting enterprise resources like Active Directory domain controllers. Using processor support for Dynamic Root of Trust of Measurement (DRTM) technology, along with DMA protection, Secured-core systems isolate the security critical hypervisor from attacks such as this.
  • Virtualization-based security (VBS)Secured-core servers support VBS and hypervisor-based code integrity (HVCI). VBS and HVCI protect against the entire class of vulnerabilities used in cryptocurrency mining attacks given the isolation VBS provides between the privileged parts of the operating system such as the kernel and the rest of the system. VBS also provides more capabilities that customers can enable, such as Credential Guard, which better protects domain credentials.

Preventative defense

Enabling Secured-core functionality helps proactively defend against and disrupt many of the paths attackers may use to exploit a system. This set of defenses also enables IT and SecOps teams better utilize their time across the many areas that need their attention.

Secure connectivity

Transport: HTTPS and TLS 1.3 enabled by default on Windows Server 2022

Secure connections are at the heart of today’s interconnected systems. Transport Layer Security (TLS) 1.3 is the latest version of the internet’s most deployed security protocol, which encrypts data to provide a secure communication channel between two endpoints. HTTPS and TLS 1.3 is now enabled by default on Windows Server 2022, protecting the data of clients connecting to the server. It eliminates obsolete cryptographic algorithms, enhances security over older versions, and aims to encrypt as much of the handshake as possible. Learn more about supported TLS versions and about supported cipher suites.

Secure DNS: Encrypted DNS name resolution requests with DNS-over-HTTPS

DNS Client in Windows Server 2022 now supports DNS-over-HTTPS (DoH) which encrypts DNS queries using the HTTPS protocol. This helps keep your traffic as private as possible by preventing eavesdropping and your DNS data being manipulated. Learn more about configuring the DNS client to use DoH.

Server Message Block (SMB): SMB AES-256 encryption for the most security conscious

Windows Server now supports AES-256-GCM and AES-256-CCM cryptographic suites for SMB encryption and signing. Windows will automatically negotiate this more advanced cipher method when connecting to another computer that also supports it, and it can also be mandated through Group Policy. Windows Server still supports AES-128 for down-level compatibility.

SMB: East-West SMB encryption controls for internal cluster communications

Windows Server failover clusters now support granular control of encrypting and signing intra-node storage communications for Cluster Shared Volumes (CSV) and the storage bus layer (SBL). This means that when using Storage Spaces Direct, you can decide to encrypt or sign east-west communications within the cluster itself for higher security.

SMB over QUIC

SMB over QUIC updates the SMB 3.1.1 protocol in Windows Server 2022 Datacenter: Azure Edition and supported Windows clients to use the QUIC protocol instead of TCP. By using SMB over QUIC along with TLS 1.3, users and applications can securely and reliably access data from edge file servers running in Azure. Mobile and telecommuter users no longer need a VPN to access their file servers over SMB when on Windows. More information can be found at the SMB over QUIC documentation.

Azure hybrid capabilities

You can increase your efficiency and agility with built-in hybrid capabilities in Windows Server 2022 that allow you to extend your data centers to Azure more easily than ever before.

Azure Arc enabled Windows Servers

Azure Arc enabled servers with Windows Server 2022 brings on-premises and multi-cloud Windows Servers to Azure with Azure Arc. This management experience is designed to be consistent with how you manage native Azure virtual machines. When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. More information can be found at the Azure Arc enables servers documentation.

Windows Admin Center

Improvements to Windows Admin Center to manage Windows Server 2022 include capabilities to both report on the current state of the Secured-core features mentioned above, and where applicable, allow customers to enable the features. More information on these and many more improvements to Windows Admin Center can be found at the Windows Admin Center documentation.

Azure Automanage – Hotpatch

Hotpatch, part of Azure Automanage, is supported in Windows Server 2022 Datacenter: Azure Edition. Hotpatching is a new way to install updates on new Windows Server Azure Edition virtual machines (VMs) that doesn’t require a reboot after installation. More information can be found at the Azure Automanage documentation.

Application platform

There are several platform improvements for Windows Containers, including application compatibility and the Windows Container experience with Kubernetes. A major improvement includes reducing the Windows Container image size by up to 40%, which leads to a 30% faster startup time and better performance.

You can now also run applications that depend on Azure Active Directory with group Managed Services Accounts (gMSA) without domain joining the container host, and Windows Containers now support Microsoft Distributed Transaction Control (MSDTC) and Microsoft Message Queuing (MSMQ).

There are several other enhancements that simplify the Windows Container experience with Kubernetes. These enhancements include support for host-process containers for node configuration, IPv6, and consistent network policy implementation with Calico.

In addition to platform improvements, Windows Admin Center has been updated to make it easy to containerize .NET applications. Once the application is in a container, you can host it on Azure Container Registry to then deploy it to other Azure services, including Azure Kubernetes Service.

With support for Intel Ice Lake processors, Windows Server 2022 supports business-critical and large-scale applications, such as SQL Server, that require up to 48 TB of memory and 2,048 logical cores running on 64 physical sockets. Confidential computing with Intel Secured Guard Extension (SGX) on Intel Ice Lake improves application security by isolating applications from each other with protected memory.

You can read more about these and other improvements at What’s new for Windows Containers in Windows Server 2022.

Other key features

Nested virtualization for AMD processors

Nested virtualization is a feature that allows you to run Hyper-V inside of a Hyper-V virtual machine (VM). Windows Server 2022 brings support for nested virtualization using AMD processors, giving more choices of hardware for your environments. More information can be found at the nested virtualization documentation.

Microsoft Edge browser

Microsoft Edge is included with Windows Server 2022, replacing Internet Explorer as the default browser. It is built on Chromium open source and backed by Microsoft security and innovation. It can be used with Server Core or Server with Desktop Experience installation options, and supports HTTP/3 which uses the QUIC protocol. More information can be found at the Microsoft Edge Enterprise documentation. Note that Microsoft Edge, unlike the rest of Windows Server, follows the Modern Lifecycle for its support lifecycle. For details, see Microsoft Edge lifecycle documentation.

Storage

Storage Migration Service

Enhancements to Storage Migration Service in Windows Server 2022 makes it easier to migrate storage to Windows Server or to Azure from more source locations. Here are the features that are available when running the Storage Migration Server orchestrator on Windows Server 2022:

  • Migrate local users and groups to the new server.
  • Migrate storage from failover clusters, migrate to failover clusters, and migrate between standalone servers and failover clusters.
  • Migrate storage from a Linux server that uses Samba.
  • More easily sync migrated shares into Azure by using Azure File Sync.
  • Migrate to new networks such as Azure.
  • Migrate NetApp CIFS servers from NetApp FAS arrays to Windows servers and clusters.

Adjustable storage repair speed

User adjustable storage repair speed is a new feature in Storage Spaces Direct that offers more control over the data resync process by allocating resources to either repair data copies (resiliency) or run active workloads (performance). This helps improve availability and allows you to service your clusters more flexibly and efficiently.

Storage bus cache with Storage Spaces on standalone servers

Storage bus cache is now available for standalone servers. It can significantly improve read and write performance, while maintaining storage efficiency and keeping the operational costs low. Similar to its implementation for Storage Spaces Direct, this feature binds together faster media (for example, NVMe or SSD) with slower media (for example, HDD) to create tiers. A portion of the faster media tier is reserved for the cache. To learn more, see Enable storage bus cache with Storage Spaces on standalone servers.

SMB compression

Enhancement to SMB in Windows Server 2022 and Windows 11 allows a user or application to compress files as they transfer over the network. Users no longer have to manually zip files in order to transfer much faster on slower or more congested networks. For details, see SMB Compression.

Source :
https://docs.microsoft.com/en-us/windows-server/get-started/whats-new-in-windows-server-2022

DSA-2021-088: Dell Client Platform Security Update for an Insufficient Access Control Vulnerability in the Dell dbutil Driver

Dell has released remediation for a security vulnerability affecting the dbutil_2_3.sys driver packaged with Dell Client firmware update utility packages and other products.

Proprietary Code CVEDescriptionCVSS   Base ScoreCVSS Vector String
CVE-2021-21551Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.8.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

The vulnerability described in the table above exists in the dbutil_2_3.sys driver. This driver may have been installed on to the Windows operating system of your Dell Client platform by one or more impacted products or components.

Refer to the “Affected Products and Remediation” section of this advisory for details regarding:

  • The list of impacted platforms, products, and components
  • The remediation steps including:
    • How to remove the vulnerable driver from your system
    • How to obtain an updated, remediated version of the driver 
  • What to know when using end of service life (aka end of support) platforms, products, or components

Additional, related information is available in this FAQ.

Dell Technologies raccomanda a tutti i clienti di prendere in considerazione sia il punteggio base CVSS, sia ogni eventuale punteggio temporale o ambientale che possa avere effetti sul livello di gravità potenziale associato a una specifica vulnerabilità di sicurezza.

Affected Products and Remediation

This section includes the following subsections:

  1. Affected platforms, products, and components.
  2. Remediation Steps:
    1. Determine impacted platforms, products, and components in your environment.
    2. Remove the vulnerable driver from your system.
    3. Obtain an updated, remediated version of the driver.
  3. What to know when installing a firmware update using an unremediated firmware update utility package.
  4. What to know when using end of service life (aka end of support) platforms, products, or components.

 
1. Affected platforms, products, and components
The vulnerable driver (dbutil_2_3.sys) may have been installed on to the Windows operating system of your Dell Client platform by one or more of the following products or components:

  • Impacted firmware update utility packages, including BIOS update utilities, Thunderbolt firmware update utilities, TPM firmware update utilities and dock firmware update utilities (see Note 1 and Note 2 below).
  • Any of the Dell Download Notification solutions, including Dell Command Update, Dell Update, Alienware Update, and Dell SupportAssist for PCs (Home and Business).
  • Dell System Inventory Agent
  • Dell Platform Tags
  • Dell BIOS Flash Utility

Note 1: The specific Dell Client platforms with impacted firmware update utility packages, including BIOS update utilities, Thunderbolt firmware update utilities, TPM firmware update utilities and dock firmware update utilities, are listed in the “Additional Information” section of this advisory.

  • This information is split into two tables with Table A listing impacted, supported platforms and Table B listing impacted platforms which have reached end of service life (aka end of support).

Note 2: This vulnerability is in the dbutil_2_3.sys driver which is included with firmware update utility packages. The actual firmware is not impacted by the vulnerability.

 
 
2. Remediation Steps
 Execute the following three steps to remediate this vulnerability:

  • 2.1. Determine impacted platforms, products, and components in your environment.
  • 2.2. Remove the vulnerable driver from your system.
  • 2.3. Obtain an updated, remediated version of the driver .

Details on each step are provided below.  

2.1 Determine impacted platforms, products, and components in your environment

Answer the following questions to determine the impacted platforms, products, and components in your environment. Then, execute the defined actions to remediate your environment.

2.1.1 Are you using a Dell Client platform which has an impacted firmware update utility package?

 If yes, perform the following actions:

  • Action 1: Remove the dbutil_2_3.sys driver from your system as described in 2.2.2.
  • Action 2: Obtain an updated, remediated version of the driver described in 2.3.  

Note: The specific Dell Client platforms with impacted firmware update utility packages, including BIOS update utilities, Thunderbolt firmware update utilities, TPM firmware update utilities and dock firmware update utilities, are listed in the “Additional Information” section of this advisory.

  • This information is split into two tables with Table A listing impacted, supported platforms and Table B listing impacted platform which have reached end of service life (aka end of support).

2.1.2 Are you using:

  • Any of the Dell Download Notification solutions including, Dell Command Update, Dell Update, Alienware Update, and Dell SupportAssist for PCs (Home and Business)?
  • Dell System Inventory Agent
  • Dell Platform Tags
  • Dell BIOS Flash Utility

If yes, perform the following actions:

  • Action 1: Update to a remediated version of the product or component as described in 2.2.1.
  • Action 2: Remove the dbutil_2_3.sys driver from your system as described in 2.2.2.

2.2. Remove the vulnerable driver from your system

Execute the following 2 steps to remove the dbutil_2_3.sys driver from your system, as applicable.

2.2.1 Update to a remediated version of the impacted product or component

If you are using any of the following products or components:

  • Any of the Dell Download Notification solutions including, Dell Command Update, Dell Update, Alienware Update, and Dell SupportAssist for PCs (Home and Business)
  • Dell System Inventory Agent
  • Dell Platform Tags
  • Dell BIOS Flash Utility

You must first update to a remediated version of the impacted product or component using respective instructions below. This action will also install an updated remediated version of the driver (DBUtilDrv2.sys).

For Dell Command Update, Dell Update, and Alienware Update:

  • Manually update to version 4.2 or greater
    • Visit the Dell Support Drivers and Download site for updates for your platform
      OR
    • If the self-update feature of these components is not enabled on your system, you can:
      • On an internet connected system, open / run the application
      • Click “Check for Updates”.

Note: When using either the “Check for Updates” option above, or when the self-update feature for these components is enabled, components will be updated as needed to prepare for driver removal via the next step (2.2.2), but the version of the component may not be reflected as an updated version.

  • Reboot your system.

For Dell SupportAssist for PCs (Home and Business):

  • Manually update to the latest available version:
    • Dell SupportAssist for Home PCs version 3.9.2 or greater will include the remediated driver and is expected to be available by June 15, 2021.
    • Dell SupportAssist for Business PCs version 2.4.1 or greater will include the remediated driver.
      OR
    • If the self-update feature of these components is not enabled on your system, you can:
      • On an internet connected system, open / run the application
      • Click “Check for Updates”.

Note: When using either the “Check for Updates” option above, or when the self-update feature for these components is enabled, components will be updated as needed to prepare for driver removal via the next step (2.2.2), but the version of the component may not be reflected as an updated version.

  • Reboot your system.

 For Dell System Inventory Agent:

  • Synchronize your Microsoft System Center Configuration Manager’s third-party updates feature, or Microsoft System Center Update Publisher (along with Windows Server Updates Services) to the latest Dell-provided catalog. Doing so will update the systems in your enterprise environment with the updated, remediated Dell System (OpenManage) Inventory Agent.
    OR
  • Update to version 2.7.0.2 or greater by downloading / applying the latest available update on this page .
  • Reboot your system.

For Dell Platform Tags:

  • Update to version 4.0.20.0, A04 or greater by downloading / applying the latest available update on this page.
  • Reboot your system.

For Dell BIOS Flash Utility:

  • Update to version 3.3.11, A07 or greater by downloading / applying the latest available update on this page.
  • Reboot your system.

2.2.2 Remove the dbutil_2_3.sys driver from your system

Remove the dbutil_2_3.sys driver from your system using one of the following options:

  • Manually download and run a utility to remove the driver from the system (Option A).
  • Utilize one of the Dell Download Notification solutions to automatically obtain and run a utility to remove the driver from the system (Option B).
  • Manually remove the driver from the system (Option C).

Option A (Recommended):
Manually download and run the Dell Security Advisory Update – DSA-2021-088 utility to remove the dbutil_2_3.sys driver from the system.

Option B:
Use one of the Dell Download Notification solutions, to obtain and run the Dell Security Advisory Update – DSA-2021-088 utility to remove the dbutil_2_3.sys driver from the system.

Scenario 1: If your Dell Download Notification solution is configured to both automatically notify you of updates and apply them, then this utility will be automatically downloaded and run for you.

Scenario 2: If your Dell Download Notification solution is not configured to automatically download and apply updates, obtain and run the utility as follows:

Option C:
Manually remove the vulnerable dbutil_2_3.sys driver from the system using the following steps:

1. Check the following locations for the dbutil_2_3.sys driver file:

  • C:\Users\<username>\AppData\Local\Temp
  • C:\Windows\Temp

2. Select the dbutil_2_3.sys file and hold down the SHIFT key while pressing the DELETE key to permanently delete.

3. From an administrator command prompt, run “sc.exe delete DBUtil_2_3”.

Reference: For information on sc.exe commands, see Microsoft documentation.

2.3 Obtain an updated, remediated version of the driver
Execute the following to obtain an updated driver (DBUtilDrv2.sys) on your system.

Reminder: The updated driver was previously installed for certain products and components as a part of the instructions in Section 2.2.1.

For a Dell Client platform which has an impacted firmware update utility package:

  • With your next scheduled firmware update, download and apply the latest available firmware update utility which contains a remediated dbutil driver (DBUtilDrv2.sys). Customers can use one of the Dell Download Notification solutions to receive updated firmware update utility packages, as applicable.
  • Reboot your system

Notes:

  • For supported platforms running Windows 10, updates are available as of the publishing of this advisory. (See Table A)
  • For supported platforms running Windows 7 or 8.1, updates are expected to be available by July 31, 2021. Once the updates are available, this advisory will be updated. If you update your BIOS, Thunderbolt firmware, TPM firmware, or doc firmware prior to the updates being available, you must also execute one of the three options defined in Step 2.2.2 of this section – even if you have previously performed this step – immediately following the update.

 
3. What to know when installing a firmware update using an unremediated firmware update utility package
You should still execute the steps in Sections 2.1 and 2.2 now. However, if you later update your BIOS, Thunderbolt firmware, TPM firmware, or dock firmware, to a version prior to the versions listed in Table A, you must take the following actions after applying the firmware update:

  1. Reboot your system.
  2. Repeat step 2.2.2 to again remove the dbutil_2_3.sys driver from your system.


4. What to know when using end of service life (aka end of support) platforms, products, or components
Remediated packages will not be provided for end of service life platforms (see Table B). Therefore, you must:

  1. Execute the steps in Sections 2.1 and 2.2.
  2. After applying any firmware update, including BIOS, Thunderbolt firmware, TPM firmware, or dock firmware:
  • Reboot your system.
  • Repeat step 2.2.2 to again remove the dbutil_2_3.sys driver from your system.
Ringraziamenti

Dell would like to thank Alex Ionescu, Satoshi Tanda, and Yarden Shafir of CrowdStrike; Enrique Nissim of IOActive; Scott Noone of OSR; and Kasif Dekel of SentinelOne for reporting this issue.
 

Cronologia delle revisioni
RevisionDateDescription
1.02021-05-04Initial Release
1.12021-05-11Updated links to Dell Security Advisory Update – DSA-2021-088 utility v2.1 (A02)
2.02021-05-25Added additional impacted software products Dell BIOS Flash Utility and Dell SupportAssist for PCs (Home and Business)
Informazioni correlate

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Informazioni aggiuntive

Additional, related information is available in this FAQ.

Table A: Supported Dell platforms impacted firmware update utility packages, including BIOS update utilities, Thunderbolt firmware update utilities, TPM firmware update utilities and dock firmware update utilities.

Note: For platforms running Windows 10: Obtain the version specified in the table, or greater as available, for your BIOS, Thunderbolt Firmware Update, TPM Firmware Update, Dock Firmware Update Version. Once available, the table will be revised to add the updated versions for Windows 7 and 8.1.

Platform/ProductBIOS Version (or greater)Thunderbolt Firmware Update Version (or greater)TPM Firmware Update Version (or greater)Dock Firmware Update Version (or greater)
ChengMing 39671.11.0N/AN/AN/A
ChengMing 39771.11.0N/AN/AN/A
ChengMing 39802.17.0N/AN/AN/A
ChengMing 39881.5.0N/AN/AN/A
ChengMing 39901.3.1N/AN/AN/A
ChengMing 39911.3.1N/AN/AN/A
Dell G15 55101.3.1N/AN/AN/A
Dell G3 35001.7.1N/AN/AN/A
Dell G3 35791.14.04.46.154.001, A03N/AN/A
Dell G3 37791.14.04.46.154.001, A03N/AN/A
Dell G5 50001.1.0N/AN/AN/A
Dell G5 50901.4.0N/AN/AN/A
Dell G5 55001.7.1N/AN/AN/A
Dell G5 55871.15.04.46.152.001, A02N/AN/A
Dell G5 55901.14.0N/AN/AN/A
Dell G7 75001.6.0N/AN/AN/A
Dell G7 75881.15.04.46.152.001, A02N/AN/A
Dell G7 75901.14.0N/AN/AN/A
Dell G7 77001.6.0N/AN/AN/A
Dell G7 77901.14.0N/AN/AN/A
Dell Gaming G3 35901.12.0N/AN/AN/A
Dell Precision 3430 Tower1.10.0N/A7.2.0.2N/A
Dell Precision 3430 XL1.10.0N/A7.2.0.2N/A
Dell Precision 3431 Tower1.7.2N/AN/AN/A
Dell Precision 3630 Tower2.7.0N/AN/AN/A
Dell Precision 3930 Rack2.10.0N/A7.2.0.2N/A
Dell Precision 3930 XL Rack2.10.0N/A7.2.0.2N/A
Dell Precision 5820 Tower2.8.0N/A7.2.0.2N/A
Dell Precision 7820 Tower2.12.0N/AN/AN/A
Dell Precision 7820 XL Tower2.12.0N/AN/AN/A
Dell Precision 7920 Tower2.12.0N/AN/AN/A
Dell Precision 7920 XL Tower2.12.0N/AN/AN/A
Embedded Box PC 50001.9.1N/AN/AN/A
Inspiron 13 53701.17.0N/AN/AN/A
Inspiron 14 (5468)1.13.1N/AN/AN/A
Inspiron 14 (7460)1.14.1N/AN/AN/A
Inspiron 14 Gaming (7466)1.8.0N/AN/AN/A
Inspiron 14 Gaming (7467)1.13.1N/AN/AN/A
Inspiron 15 (5566)1.13.1N/AN/AN/A
Inspiron 15 (5567)1.4.1N/AN/AN/A
Inspiron 15 (7560)1.14.1N/AN/AN/A
Inspiron 15 (7572)1.6.1N/AN/AN/A
Inspiron 15 5582 2-in-12.9.0N/AN/AN/A
Inspiron 15 Gaming (7566)1.8.0N/AN/AN/A
Inspiron 15 Gaming (7567)1.13.1N/AN/AN/A
Inspiron 15 Gaming (7577)1.12.14.46.150.001, A05N/AN/A
Inspiron 17 (5767)1.4.1N/AN/AN/A
Inspiron 32681.15.0N/AN/AN/A
Inspiron 34702.17.0N/AN/AN/A
Inspiron 34711.5.0N/AN/AN/A
Inspiron 34801.12.0N/AN/AN/A
Inspiron 34811.11.0N/AN/AN/A
Inspiron 34901.10.0N/AN/AN/A
Inspiron 34931.12.0N/AN/AN/A
Inspiron 35011.4.0N/AN/AN/A
Inspiron 35801.12.0N/AN/AN/A
Inspiron 35811.11.0N/AN/AN/A
Inspiron 35831.12.0N/AN/AN/A
Inspiron 35841.11.0N/AN/AN/A
Inspiron 35901.10.0N/AN/AN/A
Inspiron 35931.12.0N/AN/AN/A
Inspiron 36681.15.0N/AN/AN/A
Inspiron 36702.17.0N/AN/AN/A
Inspiron 36711.5.0N/AN/AN/A
Inspiron 37801.12.0N/AN/AN/A
Inspiron 37811.11.0N/AN/AN/A
Inspiron 37901.10.0N/AN/AN/A
Inspiron 37931.12.0N/AN/AN/A
Inspiron 38801.3.1N/AN/AN/A
Inspiron 38811.3.1N/AN/AN/A
Inspiron 38911.0.2N/AN/AN/A
Inspiron 53001.5.0N/AN/AN/A
Inspiron 53011.6.1N/AN/AN/A
Inspiron 53901.10.0N/AN/AN/A
Inspiron 53911.11.0N/AN/AN/A
Inspiron 5400 2-in-11.5.0N/AN/AN/A
Inspiron 5400 AIO1.3.1N/AN/AN/A
Inspiron 54011.5.1N/AN/AN/A
Inspiron 54021.4.1N/AN/AN/A
Inspiron 5406 2-in-11.4.1N/AN/AN/A
Inspiron 54081.5.1N/AN/AN/A
Inspiron 54091.4.1N/AN/AN/A
Inspiron 54802.9.0N/AN/AN/A
Inspiron 5481 2-in-12.9.0N/AN/AN/A
Inspiron 54822.9.0N/AN/AN/A
Inspiron 54901.12.0N/AN/AN/A
Inspiron 5490 AIO1.7.0N/AN/AN/A
Inspiron 5491 2-in-11.8.1N/AN/AN/A
Inspiron 54931.12.0N/AN/AN/A
Inspiron 54941.10.0N/AN/AN/A
Inspiron 54981.12.0N/AN/AN/A
Inspiron 55011.5.1N/AN/AN/A
Inspiron 55021.4.1N/AN/AN/A
Inspiron 55081.5.1N/AN/AN/A
Inspiron 55091.4.1N/AN/AN/A
Inspiron 55701.4.1N/AN/AN/A
Inspiron 55802.9.0N/AN/AN/A
Inspiron 55831.12.0N/AN/AN/A
Inspiron 55841.12.0N/AN/AN/A
Inspiron 55901.12.0N/AN/AN/A
Inspiron 5591 2-in-11.8.1N/AN/AN/A
Inspiron 55931.12.0N/AN/AN/A
Inspiron 55941.10.0N/AN/AN/A
Inspiron 55981.12.0N/AN/AN/A
Inspiron 57701.4.1N/AN/AN/A
Inspiron 73001.6.1N/AN/AN/A
Inspiron 7300 2-in-11.2.4N/AN/AN/A
Inspiron 7306 2-in-11.4.1N/AN/AN/A
Inspiron 73801.12.0N/AN/AN/A
Inspiron 73861.9.0N/AN/AN/A
Inspiron 73901.11.0N/AN/AN/A
Inspiron 73911.11.0N/AN/AN/A
Inspiron 7391 2-in-11.9.14.61.136.013, A01N/AN/A
Inspiron 74001.6.1N/AN/AN/A
Inspiron 74721.6.1N/AN/AN/A
Inspiron 74901.6.04.60.111.017, A03N/AN/A
Inspiron 75001.5.14.61.124.009, A01N/AN/A
Inspiron 7500 2-in-1 Black1.2.4N/AN/AN/A
Inspiron 7500 2-in-1 Silver1.5.0N/AN/AN/A
Inspiron 75011.5.14.61.124.009, A01N/AN/A
Inspiron 7506 2-in-11.4.1N/AN/AN/A
Inspiron 75801.12.0N/AN/AN/A
Inspiron 75861.9.0N/AN/AN/A
Inspiron 75901.8.0N/AN/AN/A
Inspiron 7590 2-in-11.11.0N/AN/AN/A
Inspiron 75911.8.0N/AN/AN/A
Inspiron 7591 2-in-11.9.14.61.136.013, A01N/AN/A
Inspiron 77001.3.1N/AN/AN/A
Inspiron 7706 2-in-11.4.1N/AN/AN/A
Inspiron 77861.9.0N/AN/AN/A
Inspiron 77901.7.0N/AN/AN/A
Inspiron 77911.9.14.61.136.013, A01N/AN/A
Inspiron 5491 AIO1.7.0N/AN/AN/A
Latitude 12 72851.9.24.46.146.001, A05N/AN/A
Latitude 12 Rugged Extreme 72141.28.0N/AN/AN/A
Latitude 12 Rugged Tablet 72121.31.2N/AN/AN/A
Latitude 14 Rugged 54141.28.0N/AN/AN/A
Latitude 14 Rugged Extreme 74141.28.0N/AN/AN/A
Latitude 31201.0.5N/AN/AN/A
Latitude 31801.13.2N/AN/AN/A
Latitude 31891.13.2N/AN/AN/A
Latitude 31901.13.1N/AN/AN/A
Latitude 3190 2-in-11.13.1N/AN/AN/A
Latitude 33001.10.1N/AN/AN/A
Latitude 33011.13.0N/AN/AN/A
Latitude 33101.8.3N/AN/AN/A
Latitude 3310 2-in-11.17.1N/AN/AN/A
Latitude 33801.13.1N/AN/AN/A
Latitude 33901.14.2N/AN/AN/A
Latitude 34001.16.0N/A74.64N/A
Latitude 34101.5.1N/AN/AN/A
Latitude 34701.19.0N/AN/AN/A
Latitude 34801.15.1N/AN/AN/A
Latitude 3480 mobile thin client1.15.1N/AN/AN/A
Latitude 34901.14.1N/A7.2.0.2N/A
Latitude 35001.16.0N/A74.64N/A
Latitude 35101.5.1N/AN/AN/A
Latitude 35701.19.0N/AN/AN/A
Latitude 35801.15.1N/AN/AN/A
Latitude 35901.14.1N/A7.2.0.2N/A
Latitude 51751.8.1N/AN/AN/A
Latitude 51791.8.1N/AN/AN/A
Latitude 52001.14.04.46.134.002, A04N/AN/A
Latitude 52801.19.3N/AN/AN/A
Latitude 5280 mobile thin client1.19.3N/AN/AN/A
Latitude 5285 2-in-11.11.2N/AN/AN/A
Latitude 52881.19.3N/AN/AN/A
Latitude 52891.22.2N/AN/AN/A
Latitude 52901.16.3N/A7.2.0.2N/A
Latitude 5290 2-in-11.13.14.46.147.001, A037.2.0.2N/A
Latitude 53001.14.0N/A74.64N/A
Latitude 5300 2-IN-11.14.04.46.134.002, A0474.64N/A
Latitude 53101.5.24.61.131.007, A00N/AN/A
Latitude 5310 2-in-11.5.24.61.131.007, A00N/AN/A
Latitude 53201.14.0N/AN/AN/A
Latitude 5320 2-in-11.14.0N/AN/AN/A
Latitude 54001.10.14.46.135.003, A0474.64N/A
Latitude 54011.11.14.46.135.003, A0474.64N/A
Latitude 54101.5.14.60.142.001, A01N/AN/A
Latitude 54111.4.34.60.119.008, A01N/AN/A
Latitude 54201.5.2N/AN/AN/A
Latitude 54801.19.34.46.155.001, A06N/AN/A
Latitude 54881.19.34.46.155.001, A06N/AN/A
Latitude 54901.16.3N/A7.2.0.2N/A
Latitude 54911.14.14.46.107.019, A047.2.0.2N/A
Latitude 54951.4.0N/AN/AN/A
Latitude 55001.10.14.46.135.003, A0474.64N/A
Latitude 55011.11.14.46.135.003, A0474.64N/A
Latitude 55101.5.14.60.142.001, A01N/AN/A
Latitude 55111.4.34.60.119.008, A01N/AN/A
Latitude 55201.5.1N/AN/AN/A
Latitude 55801.19.34.46.155.001, A06N/AN/A
Latitude 55901.16.3N/A7.2.0.2N/A
Latitude 55911.14.14.46.107.019, A047.2.0.2N/A
Latitude 7200 2-in-11.10.14.46.114.005, A0374.64N/A
Latitude 7210 2 in 11.5.14.60.130.010, A01N/AN/A
Latitude 72751.9.04.26.10.001, A08N/AN/A
Latitude 72801.20.24.46.155.001, A06N/AN/A
Latitude 72901.18.04.46.107.019, A047.2.0.2N/A
Latitude 73001.12.04.46.135.003, A0474.64N/A
Latitude 73101.5.14.60.142.001, A01N/AN/A
Latitude 73201.5.0N/AN/AN/A
Latitude 73701.22.34.26.10.001, A08N/AN/A
Latitude 73801.20.24.46.155.001, A06N/AN/A
Latitude 73891.22.2N/AN/AN/A
Latitude 73901.18.04.46.107.019, A047.2.0.2N/A
Latitude 7390 2-in-11.17.04.46.107.019, A047.2.0.2N/A
Latitude 74001.12.04.46.135.003, A0474.64N/A
Latitude 7400 2in11.10.04.46.112.010, A0374.64N/A
Latitude 74101.5.14.60.142.001, A01N/AN/A
Latitude 74201.5.0N/AN/AN/A
Latitude 74801.20.24.46.155.001, A06N/AN/A
Latitude 74901.18.04.46.107.019, A047.2.0.2N/A
Latitude 75201.5.0N/AN/AN/A
Latitude 94101.5.14.60.142.001, A01N/AN/A
Latitude 95101.4.24.60.116.012, A01N/AN/A
Latitude E52701.24.3N/AN/AN/A
Latitude E54701.24.3N/AN/AN/A
Latitude E55701.24.34.26.10.001, A08N/AN/A
Latitude E72701.27.3N/AN/AN/A
Latitude E7270 mobile thin client1.20.3,N/AN/AN/A
Latitude E74701.27.3N/AN/AN/A
Latitude Rugged 54201.12.0N/A7.2.0.2N/A
Latitude Rugged 54241.12.0N/A7.2.0.2N/A
Latitude Rugged 74241.12.0N/A7.2.0.2N/A
Latitude Rugged Extreme 74241.12.0N/AN/AN/A
Latitude Rugged Extreme Tablet 72201.9.1N/A74.64N/A
Latitude Rugged Extreme Tablet 7220EX1.9.1N/A74.64N/A
OptiPlex 30401.14.2N/AN/AN/A
OptiPlex 30461.11.1N/AN/AN/A
OptiPlex 30501.15.1N/AN/AN/A
OptiPlex 3050 AIO1.16.1N/AN/AN/A
OptiPlex 30601.9.1N/A7.2.0.2N/A
OPTIPLEX 30701.7.0N/AN/AN/A
OptiPlex 30801.3.1N/AN/AN/A
OptiPlex 3090 Ultra1.0.10N/AN/AN/A
OptiPlex 3240 All-in-One1.11.1N/AN/AN/A
OPTIPLEX 3280 AIO1.3.1N/AN/AN/A
OptiPlex 50401.17.1N/AN/AN/A
OptiPlex 50501.15.1N/AN/AN/A
OptiPlex 5055 A-Serial1.2.9N/AN/AN/A
OptiPlex 5055 Ryzen APU1.2.8N/AN/AN/A
OptiPlex 5055 Ryzen CPU1.1.20N/AN/AN/A
OptiPlex 50601.9.1N/A7.2.0.2N/A
OptiPlex 50701.7.0N/AN/AN/A
OptiPlex 50801.3.10N/AN/AN/A
OptiPlex 5250 All-in-One1.16.1N/AN/AN/A
OptiPlex 5260 All-In-One1.12.0N/A7.2.0.2N/A
OptiPlex 5270 AIO1.7.0N/AN/AN/A
OptiPlex 5480 AIO1.4.0N/AN/AN/A
OptiPlex 70401.19.0N/AN/AN/A
OptiPlex 70501.15.1N/AN/AN/A
OptiPlex 70601.9.1N/A7.2.0.2N/A
OptiPlex 70701.7.2N/AN/AN/A
OptiPlex 7070 Ultra1.7.0N/AN/AN/A
OptiPlex 70711.7.2N/AN/AN/A
OptiPlex 70801.13.0N/AN/AN/A
OptiPlex 7090 Ultra1.0.10N/AN/AN/A
OptiPlex 7440 AIO1.14.1N/AN/AN/A
OptiPlex 7450 All-In-One1.16.1N/AN/AN/A
OptiPlex 7460 All-In-One1.12.0N/A7.2.0.2N/A
OPTIPLEX 7470 AIO1.7.0N/AN/AN/A
OPTIPLEX 7480 AIO1.6.2N/AN/AN/A
OptiPlex 7760 AIO1.12.0N/A7.2.0.2N/A
OPTIPLEX 7770 AIO1.7.0N/AN/AN/A
OPTIPLEX 7780 AIO1.6.2N/AN/AN/A
OptiPlex XE31.9.1N/A7.2.0.2N/A
Precision 17 M57501.7.2N/AN/AN/A
Precision 3240 CFF1.4.0N/AN/AN/A
Precision 3420 Tower2.17.1N/AN/AN/A
Precision 34401.13.0N/AN/AN/A
Precision 35101.24.34.26.10.001, A08N/AN/A
Precision 35201.19.34.46.155.001, A06N/AN/A
Precision 35301.14.14.46.107.019, A047.2.0.2N/A
Precision 35401.10.14.46.135.003, A0474.64N/A
Precision 35411.11.14.46.135.003, A0474.64N/A
Precision 35501.5.14.60.142.001, A01N/AN/A
Precision 35511.4.34.60.119.008, A01N/AN/A
Precision 35601.5.1N/AN/AN/A
Precision 3620 Tower2.17.1N/AN/AN/A
Precision 36401.4.3N/AN/AN/A
Precision 55101.16.14.26.11.001, A09N/AN/A
Precision 55201.22.14.26.12.001, A04N/AN/A
Precision 55301.18.14.46.152.001, A027.2.0.2N/A
Precision 5530 2-in-11.12.94.46.145.001, A027.2.0.2N/A
Precision 55401.9.14.46.110.002, A027.2.0.2N/A
Precision 55501.7.14.60.117.022, A00N/AN/A
Precision 5720 AIO2.8.1N/AN/AN/A
Precision 5820 XL Tower2.8.0N/AN/AN/A
Precision 75201.19.24.46.155.001, A06N/AN/A
Precision 75301.15.34.62.102.019, A027.2.0.2N/A
Precision 75401.11.24.62.108.013, A03N/AN/A
Precision 75501.6.24.62.120.007, A01N/AN/A
Precision 77201.19.24.46.155.001, A06N/AN/A
Precision 77301.15.34.62.102.019, A027.2.0.2N/A
Precision 77401.11.24.62.108.013, A03N/AN/A
Precision 77501.6.24.62.120.007, A01N/AN/A
Vostro 13 53701.17.0N/AN/AN/A
Vostro 14 (5468)1.14.1N/AN/AN/A
Vostro 14 54711.17.0N/AN/AN/A
Vostro 15 (5568)1.14.1N/AN/AN/A
Vostro 15 75701.12.14.46.151.001, A05N/AN/A
Vostro 15 7580 G-Series1.15.04.46.153.001, A02N/AN/A
Vostro 30702.17.0N/AN/AN/A
Vostro 32671.15.1N/AN/AN/A
Vostro 32681.15.1N/AN/AN/A
Vostro 34001.4.0N/AN/AN/A
Vostro 34011.1.0N/AN/AN/A
Vostro 34702.17.0N/AN/AN/A
Vostro 34711.5.0N/AN/AN/A
Vostro 34801.12.0N/AN/AN/A
Vostro 34811.11.0N/AN/AN/A
Vostro 34901.10.0N/AN/AN/A
Vostro 34911.15.0N/AN/AN/A
Vostro 35001.4.0N/AN/AN/A
Vostro 35011.1.0N/AN/AN/A
Vostro 35801.12.0N/AN/AN/A
Vostro 35811.11.0N/AN/AN/A
Vostro 35831.12.0N/AN/AN/A
Vostro 35841.11.0N/AN/AN/A
Vostro 35901.10.0N/AN/AN/A
Vostro 35911.15.0N/AN/AN/A
Vostro 36601.15.1N/AN/AN/A
Vostro 36671.15.1N/AN/AN/A
Vostro 36681.15.1N/AN/AN/A
Vostro 36691.15.1N/AN/AN/A
Vostro 36702.17.0N/AN/AN/A
Vostro 36711.5.0N/AN/AN/A
Vostro 3681 1.3.1N/AN/AN/A
Vostro 36901.0.2N/AN/AN/A
Vostro 38811.3.1N/AN/AN/A
Vostro 38881.3.1N/AN/AN/A
Vostro 38901.0.2N/AN/AN/A
Vostro 50901.5.0N/AN/AN/A
Vostro 53001.5.0N/AN/AN/A
Vostro 53011.6.1N/AN/AN/A
Vostro 53901.10.0N/AN/AN/A
Vostro 53911.11.0N/AN/AN/A
Vostro 54011.5.3N/AN/AN/A
Vostro 54021.4.1N/AN/AN/A
Vostro 54101.5.1N/AN/AN/A
Vostro 54812.9.0N/AN/AN/A
Vostro 54901.12.0N/AN/AN/A
Vostro 54911.12.0N/AN/AN/A
Vostro 55011.5.1N/AN/AN/A
Vostro 55021.4.1N/AN/AN/A
Vostro 55812.9.0N/AN/AN/A
Vostro 55901.12.0N/AN/AN/A
Vostro 55911.12.0N/AN/AN/A
Vostro 58801.3.0N/AN/AN/A
Vostro 58901.0.2N/AN/AN/A
Vostro 75001.5.14.61.124.009, A01N/AN/A
Vostro 75901.8.0N/AN/AN/A
Wyse 50701.9.0N/A7.2.0.2N/A
Wyse 54701.6.0N/AN/AN/A
Wyse 5470 All-In-One1.7.0N/AN/AN/A
Wyse 7040 Thin Client1.10.1N/AN/AN/A
XPS 12 (9250)1.9.04.26.10.001, A08N/AN/A
XPS 13 (9360)2.15.04.26.13.001, A04N/AN/A
XPS 13 (9370)1.14.34.46.149.001, A047.2.0.2N/A
XPS 13 2-in-1 (9365)2.15.04.46.148.001, A03N/AN/A
XPS 13 73901.7.04.46.106.027, A01N/AN/A
XPS 13 7390 2-in-11.7.1N/A74.64N/A
XPS 13 93001.4.1N/A74.64N/A
XPS 13 93051.0.5N/AN/AN/A
XPS 13 93102.2.0N/AN/AN/A
XPS 13 9310 2-in-12.2.1N/AN/AN/A
XPS 13 93801.12.04.46.101.063, A027.2.0.2N/A
XPS 15 (9560)1.22.04.26.12.001, A04N/AN/A
XPS 15 2-in-1 (9575)1.14.14.46.144.001, A037.2.0.2N/A
XPS 15 95001.7.14.60.117.022, A00N/AN/A
XPS 15 95701.18.14.46.152.001, A027.2.0.2N/A
XPS 17 97001.7.2N/AN/AN/A
XPS 27 AIO (7760)2.8.1N/AN/AN/A
XPS 75901.9.14.46.110.002, A027.2.0.2N/A
XPS 89002.9.1N/AN/AN/A
XPS 89402.0.11N/AN/AN/A
Dell Dock WD15N/AN/AN/A1.0.8
Dell Dock WD19N/AN/AN/A01.00.15
Dell Thunderbolt Dock TB16N/AN/AN/A1.0.4
Dell Thunderbolt Dock TB18DCN/AN/AN/A1.0.10

Table B: End of Service Life Dell platforms with impacted firmware update utility packages, including BIOS update utilities, Thunderbolt firmware update utilities and TPM firmware update utilities.

 PLATFORMS
Alienware 14Inspiron 580sOptiPlex 780
Alienware 17 51m r2Inspiron 620OptiPlex 790
Alienware Area 51Inspiron 660OptiPlex 9010
Alienware M14xr2Inspiron 660sOptiPlex 9020
Alienware M15 R4Inspiron 7359OptiPlex 9030 AIO
Alienware M17xr4Inspiron 7368OptiPlex 990
Alienware M18xr2Inspiron 7437OptiPlex Fx130
Asm100Inspiron 7520OptiPlex Fx170
Asm100r2Inspiron 7537OptiPlex Xe2
Cheng Ming 3967Inspiron 7548Precision 7510
Dell CanvasInspiron 7558Precision 7710
Dell Latitude 14 Rugged ExtremeInspiron 7559Precision M4600
Inspiron 1122Inspiron 7720Precision M4700
Inspiron 11-3162Inspiron 7737Precision M6600
Inspiron 1210Inspiron 7746Precision M6700
Inspiron 14-3452Inspiron One 19Precision R5500
Inspiron 14-5459Inspiron One 2020Precision T1700
Inspiron 15-3552Latitude 3150Precision T3500
Inspiron 1545Latitude 3160Precision T3600
Inspiron 15-5559Latitude 3310 2in1Precision T3610
Inspiron 15-5565Latitude 3330Precision T5500
Inspiron 1564Latitude 3340Precision T5600
Inspiron 15zLatitude 3350Precision T5610
Inspiron 17-5759Latitude 3440Precision T5810
Inspiron 20-3052Latitude 3450Precision T7500
Inspiron 2330Latitude 3460Precision T7600
Inspiron 24-3452Latitude 3460 Wyse TcPrecision T7610
Inspiron 24-3455Latitude 3550Precision T7810
Inspiron 24-5475Latitude 3560Precision T7910
Inspiron 3043Latitude 5250Vostro 14 3458
Inspiron 3048Latitude 5285Vostro 14-3446
Inspiron 3147Latitude 5450Vostro 1450
Inspiron 3157Latitude 5520Vostro 14-5459
Inspiron 3168Latitude 5550Vostro 15 3561
Inspiron 3252Latitude 7285Vostro 1550
Inspiron 3421Latitude 7350Vostro 20 3052
Inspiron 3437Latitude E5420Vostro 20 3055
Inspiron 3442Latitude E5430Vostro 220s
Inspiron 3443Latitude E5440Vostro 230
Inspiron 3520Latitude E5530Vostro 2521
Inspiron 3521Latitude E5540Vostro 260
Inspiron 3537Latitude E6220Vostro 270
Inspiron 3542Latitude E6230Vostro 270s
Inspiron 3543Latitude E6320Vostro 3010
Inspiron 3646Latitude E6330Vostro 3252
Inspiron 3647Latitude E6430Vostro 3560
Inspiron 3655Latitude E6430 AtgVostro 3800
Inspiron 3656Latitude E6440Vostro 3900
Inspiron 3847Latitude E6530Vostro 3900g
Inspiron 5323Latitude E6540Vostro 3901
Inspiron 5348Latitude E7240Vostro 3902
Inspiron 5423Latitude E7250Vostro 3905
Inspiron 5443Latitude E7270 Wyse TcVostro 470
Inspiron 5448Latitude E7440Vostro 5480
Inspiron 5485 2n1Latitude E7450XPS 13 9343
Inspiron 5520Latitude Xt3XPS 8700
Inspiron 5521OptiPlex 3010XPS 9350
Inspiron 5537OptiPlex 3011 AIOXPS 9530
Inspiron 5543OptiPlex 3020XPS One 2710
Inspiron 5548OptiPlex 3030 AIOXPS  13 9343
Inspiron 5576OptiPlex 390XPS 8700
Inspiron 5577OptiPlex 5055XPS 9350
Inspiron 5676OptiPlex 7010XPS 9530
Inspiron 5737OptiPlex 7020XPS 9550
Inspiron 5749OptiPlex 7090 UltraXPS ONE 2710

Source :
https://www.dell.com/support/kbdoc/it-it/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability?lang=en

The cost of ransomware attacks: Why and how you should protect your data

As the COVID-19 pandemic ravaged the world in 2020, ransomware attacks grew to epidemic proportions of their own. Almost every day, both large and small companies across every industry — all lacking ransomware protection — were attacked. Now with incidents on the rise, organizations are rushing to implement data protection strategies to reduce their exposure.

By 2031, ransomware is likely to cost victims more than $250 billion annually, with a new attack occurring every 2 seconds.1

But, while everyone can agree that ransomware is a major threat, what are the actual costs that come with a ransomware attack? And, more importantly, what can you do to defend yourself from them?

What is ransomware?

Ransomware is malicious software (malware) used in a cyberattack to encrypt a victim’s data with a key known only to the attacker, rendering the data unusable until a ransom payment (usually cryptocurrency like Bitcoin) is paid by the victim. Ransomware activity has become pervasive, impacting 50% of organizations in 2020.2

Recently, however, ransomware incidents have become even more insidious. In the past, attackers would simply force companies to pay a ransom to unlock data. Today, 70% of occurrences employ double extortion tactics, where attackers exfiltrate and steal sensitive company information to coerce companies to pay even more.3 If payment isn’t made, the attackers leak the data onto the dark web.

The real costs of ransomware attacks

Ransomware has many costs, from the ransom amount to the costs of recovering from the occurrence to the damage to your organization’s brand. All of the costs add up to significant amounts and can take a major toll on your business.

Ransom costs

2020 was a very good year for ransomware attackers. The number of companies willing to pay increased, as did the size of the payouts.

Remediation costs

Beyond the ransom itself, there are the costs it takes to recover from an attack — including investing in IT resources to rebuild servers and recover data. There are also the costs of the disruption to the business, like lost revenue incurred from downtime.

Intangible costs: more than money

Beyond the direct costs of ransom and remediation, there are the soft costs of PR fiascos, brand erosion, and the reduced confidence of customers and partners. In addition, boards of directors and governments are starting to require immediate reporting of cybersecurity incidents, which take resources and incur more costs. For example, the U.S. Transportation Security Administration (TSA) will require pipeline companies to report incidents within 12 hours.

Using a modern cloud-native security solution for ransomware protection

While ransomware attacks are on the rise — and more costly than ever — there are risk mitigation strategies that you can take to defend against attacks and other cybersecurity threats. Cisco Umbrella, the cloud-native, multi-function security service, unifies firewall, secure web gateway (SWG), DNS-layer security, cloud access security broker (CASB), and threat intelligence into a single cloud service to help businesses of all sizes secure their network against ransomware and cybersecurity threats.

So, how exactly does Cisco Umbrella provide ransomware protection?

Blocks the first phase of attack — malicious internet requests at the DNS layer

Ransomware attackers need to stage internet infrastructure before they can launch an attack. Cisco Umbrella stops ransomware attacks early by blocking internet connections to the malicious sites that serve up ransomware. Cisco Umbrella enforces security at the DNS and IP layers, processing 220 billion internet requests for more than 20,000 businesses every day, preventing users from ever accessing most malicious content sites.

Unifies other security services for robust protection — anywhere and everywhere

With users accessing data and apps both on and off network and on many types of devices, ransomware security needs to be everywhere. Instead of a variety of individual standalone security solutions, Cisco Umbrella combines DNS-layer, firewall, SWG, CASB, and threat intelligence functions into a single cloud service to help businesses of all sizes secure their users, applications, and data, wherever they are.

Leverages unmatched threat intelligence

The best defense is a good offense. Cisco Umbrella uses intelligence from Cisco Talos, one of the largest commercial threat intelligence teams in the world, to offensively discover and block new threats before they become attacks. In addition, backed by more than 300 researchers, Cisco Umbrella uncovers and blocks a broad spectrum of malicious domains, IPs, URLs, and files being used in attacks.

Delivers proven performance against threats

Cisco Umbrella has a track record of tried-and-tested threat detection and security efficacy, backed by third-party validation. AV-TEST, an independent security organization, conducted a study of threat efficacy among leading cloud security vendors. Cisco Umbrella received top marks across the board, with a 96.39% threat detection rate — the highest in the industry.10

Take preventative action to defend your data

Ransomware attacks and their associated costs pose a serious threat to your business. But there are ways to defend against ransomware and mitigate the risks. Cisco Umbrella uses multiple, advanced security functions to provide protection from ransomware and other security threats. Want to learn even more about how to defend your data? Download the Ransomware Defense for Dummies ebook.

1 Brave, David, Global Ransomware Damage Costs Predicted to Reach $250 Billion (USD) by 2031, Cyber Security Ventures, June 1, 2021.
2 2021 Cyber security threat trends – phishing, crypto top the list, Cisco, June 1, 2021.
3 Brave, David, Global Ransomware Damage Costs Predicted to Reach $250 Billion (USD) by 2031, Cyber Security Ventures, June 1, 2021.
4 Highlights from the 2021 Unit 42 Ransomware Threat Report, Palo Alto Networks, March 17, 2021.
5 Highlights from the 2021 Unit 42 Ransomware Threat Report, Palo Alto Networks, March 17, 2021.
6 Yeap, Yuen Pin, Why Ransomware Costs Businesses Much More Than Money, Forbes, April 30, 2021.
7 Scroxton, Alex, Average Ransomware Cost Triples, Says Report, Computer Weekly, March 17, 2021.
8 Yeap, Yuen Pin, Why Ransomware Costs Businesses Much More Than Money, Forbes, April 30, 2021.
9 Andrus, Danielle, Ransomware Incidents, Costs On the Rise, and No Target Is Too Small, Benefits Pro, May 5, 2021.
10 DNS-Layer Protection & Secure Web Gateway Security Efficacy Test, AV-TEST, February 2021.

Source :
https://umbrella.cisco.com/blog/cost-of-ransomware-attacks