Dell releases firmware patch to fix security bugs in hundreds of computers dating back to 2009

A recent security patch released by Dell fixes a vulnerability affecting many Dell computers manufactured since 2009.

The security loophole was found by security research firm SentinelLabs, which discovered five severe flaws in Dell’s firmware update driver impacting Dell desktops, laptops, notebooks and tablets.

These multiple vulnerabilities in Dell software could allow attackers to breach to kernel mode privileges. It could also be used to bypass security products. A hacker may also gain access to execute code on unpatched Dell systems and use this vulnerability to gain some local network privileges. Attackers can then leverage other techniques to infiltrate a broader network too.

If you have a Dell computer, there’s a good chance it could be vulnerable. The list of affected Dell computers has over 380 models on it, including some of the latest XPS 13 and 15 models, and the G3, G5, and G7 gaming laptops. Dell also lists almost 200 affected computers that it considers to be no longer receiving service.

Both Dell and SentinelLabs said that they had found no evidence that these bugs had been found by hackers or been exploited, though the vulnerabilities have been around for 12 long years.

The only way to leverage these loopholes would be if someone got access to your Dell computer through malware, phishing, or being granted remote access privileges.

According to Dell, the vulnerability does not come pre-installed in the computer, but gets installed only once you have applied a BIOS, Thunderbolt, TPM, or dock firmware update to your system.

In a statement to Gadgets 360, Dell said: “We remediated a vulnerability (CVE-2021-21551) in a driver (dbutil_2_3.sys) affecting certain Windows-based Dell computers. We have seen no evidence this vulnerability has been exploited by malicious actors to date. We encourage customers to review the Dell Security Advisory (DSA-2021-088) and follow the remediation steps as soon as possible. We’ve also posted an FAQ for additional information. Thanks to the researchers for working directly with us to resolve the issue.”

A similar vulnerability was earlier exposed by SentinelLabs that had been hidden for some years in Dell computers. These high severity vulnerabilities, which have been present in Dell devices since 2009, affect hundreds of millions of devices and millions of users worldwide. If users and enterprises using these compromised devices do not patch up then the adverse impacts can be far-reaching.

The same module is not just limited to Dell machines but also some Alienware gaming laptops and desktops. SentinelLabs also cautioned that the vulnerable driver module could still be used in a BYOVD attack as Dell did not revoke the certificate while releasing the patch.

Till date, there have been no reports of wild, rampant usage of these bugs to attack these computers, but there is always the possibility that someone will latch on and unleash havoc on unsuspecting users that are using these Dell devices.

SentinalLabs, in a statement, said that they were happy with the response of Dell to their disclosure and their approach to the problem by releasing a patch so promptly.

It would be prudent to add the Dell or Alienware Update utility and installing anything available.

Anna Versai

Associate Editor (Features and Rewrite) at Technowize. Anna Versai gives a quick and entertaining look at Technology’s most fascinating news. She also writes for The HR Digest and Industry Leaders Magazine. |Follow her on Twitter @VersaiAnna

Recent Posts

Giving the latest iOS 15 update to iPhone 6S

The new bionic chip and the iOS updates add more excitement to Apple’s six-year older…

17 hours ago

Global Chip Shortage Explained

Lockdown and WFH opportunities led to an uptick in chip requirements. With people being asked…

2 days ago

Sony WF-1000XM4: True Wireless Earbuds

Sony's WF1000XM4 model has an upgraded DAC and analogue amplifier for an enhanced user experience.…

2 days ago

Apple iPad Pro 12.9 (2021) Gives You the Best Tablet Experience

Apple iPad Pro 12.9 (2021)enhances your tablet experience with the latest Apple iPad Pro 12.9…

2 days ago

Bitcoin slide puts it further in bear territory, says JP Morgan

Bitcoins, the world's best-known cryptocurrency, has had quite a volatile history since its inception. The…

2 days ago

Tidal vs Spotify vs Apple Music: Which is the Best Music Streaming Service?

Tidal vs Spotify or Spotify vs Apple Music will let you know the best music…

5 days ago