A recent security patch released by Dell fixes a vulnerability affecting many Dell computers manufactured since 2009.
The security loophole was found by security research firm SentinelLabs, which discovered five severe flaws in Dell’s firmware update driver impacting Dell desktops, laptops, notebooks and tablets.
These vulnerabilities in Dell software could allow attackers to escalate to kernel-mode privileges. They could also be used to bypass security products. An attacker may also be able to execute code on unpatched Dell systems and use the vulnerability to gain some local network privileges. Attackers can then leverage other techniques to infiltrate a broader network.
If you have a Dell computer, there’s a good chance it could be vulnerable. The list of affected Dell computers has over 380 models on it, including some of the latest XPS 13 and 15 models, and the G3, G5, and G7 gaming laptops. Dell also lists almost 200 affected computers that it considers to be no longer receiving service.
Both Dell and SentinelLabs said that they had found no evidence that these bugs had been found by hackers or been exploited, though the vulnerabilities have been around for 12 long years.
The only way to leverage these loopholes would be if someone got access to your Dell computer through malware, phishing, or being granted remote access privileges.
According to Dell, the vulnerable driver does not come pre-installed on the computer; it is installed only once you have applied a BIOS, Thunderbolt, TPM, or dock firmware update to your system.
In a statement to Gadgets 360, Dell said: “We remediated a vulnerability (CVE-2021-21551) in a driver (dbutil_2_3.sys) affecting certain Windows-based Dell computers. We have seen no evidence this vulnerability has been exploited by malicious actors to date. We encourage customers to review the Dell Security Advisory (DSA-2021-088) and follow the remediation steps as soon as possible. We’ve also posted an FAQ for additional information. Thanks to the researchers for working directly with us to resolve the issue.”
SentinelLabs had earlier exposed a similar vulnerability that had been hidden for some years in Dell computers. These high-severity vulnerabilities, which have been present in Dell devices since 2009, affect hundreds of millions of devices and millions of users worldwide. If users and enterprises using these affected devices do not patch, the adverse impacts can be far-reaching.
The same module is not limited to Dell machines; it is also present on some Alienware gaming laptops and desktops. SentinelLabs also cautioned that the vulnerable driver module could still be used in a BYOVD (bring your own vulnerable driver) attack, as Dell did not revoke the certificate while releasing the patch.
To date, there have been no reports of these bugs being widely used in the wild to attack these computers, but there is always the possibility that someone will exploit them against unsuspecting users of these Dell devices.
SentinelLabs, in a statement, said that they were happy with Dell's response to their disclosure and with its approach to the problem in releasing a patch so promptly.
It would be prudent to install the Dell or Alienware Update utility and apply any available updates.
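To confirm whether a host still carries the driver named in Dell's statement (dbutil_2_3.sys), the following PowerShell inventory reports each copy's hash and signature status and any driver service that references it. It is an added example, not code from Dell or SentinelLabs, and searching all fixed drives is an assumption because the page does not say where the file is placed.

```powershell
# Added example: inventory a Windows host for the driver named in the advisory.
# Assumption: search every fixed drive; pass -Roots to narrow the search.
param(
    [string]$DriverName = 'dbutil_2_3.sys',
    [string[]]$Roots = (Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
                        ForEach-Object { $_.DeviceID + '\' })
)

# 1. Copies of the file on disk, with hash and Authenticode status.
$onDisk = foreach ($root in $Roots) {
    Get-ChildItem -Path $root -Filter $DriverName -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Modified  = $_.LastWriteTime
                SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                Signature = $sig.Status
                Signer    = $sig.SignerCertificate.Subject
            }
        }
}

# 2. Kernel driver services whose image path points at the file.
$services = Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.PathName -and ($_.PathName -like "*$DriverName") } |
    Select-Object Name, State, StartMode, PathName

if ($onDisk)   { $onDisk | Format-List }
else           { "No $DriverName found under: $($Roots -join ', ')" }

if ($services) { $services | Format-Table -AutoSize }
else           { "No driver service references $DriverName" }
```

A `Valid` signature status on a leftover copy does not mean the file is safe: as SentinelLabs noted, the certificate was not revoked, so a leftover copy still needs to be dealt with using the remediation steps in the Dell advisory.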