Dell has issued a security patch for computer models as early as 2009

https://www.theverge.com/2021/5/4/22419474/dell-security-patch-kernel-level-permissions-firmware-update-driver-dbutil-sys

Dell is issuing a security patch for hundreds of computer models going back to 2009

It fixes a flaw in its update software that could give attackers full control of the computer

By Mitchell Clark  May 4, 2021, 4:27pm EDT

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

The Dell XPS 13 from the back, angled to the left.

Dell has released a security patch that fixes a security vulnerability affecting many Dell computers going back to 2009, along with instructions on how to install it if your computer is affected (via threatpost). The vulnerability, found by security research firm SentinelLabs, is present in a driver used by Dell and Alienware’s firmware update utilities, and it allows an attacker to gain full kernel-level permissions in Windows.

If you have a Dell computer, there’s a good chance it could be vulnerable — the list of affected computers on Dell’s website has over 380 models on it, including some of the latest XPS 13 and 15 models, and the G3, G5, and G7 gaming laptops. Dell also lists almost 200 affected computers that it considers to be no longer receiving service.

Both Dell and SentinelLabs say that they haven’t seen evidence of the vulnerability being exploited by hackers, despite the fact that it’s been around for so long. Dell’s FAQ indicates that someone would have to have access to your computer in some way to take advantage of the bug, which they could get through malware, phishing, or being granted remote access privileges.

It is also worth noting that, according to Dell, the vulnerable driver isn’t pre-loaded on systems — instead, it gets installed when the user updates their computer’s firmware.

Still, even if you don’t remember doing anything like that, you should probably add opening the Dell or Alienware Update utility and installing anything available to your to-do list today.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.