If you own a Dell-branded Windows PC, chances are you’ll need to update your machine ASAP. The leading PC manufacturer has issued a patch that addresses five “high severity” flaws. The issue affects hundreds of Dell models released since 2009 and impacts Microsoft operating systems from Windows 7 to the latest flagship OS, Windows 10.
The vulnerability was discovered by the security experts at Sentinel Labs, who outlined their findings in a post online.
Laptops, desktops, notebooks and tablets made by Dell are all impacted by the driver vulnerability, which could lead to privilege escalation or denial of service attacks.
Thankfully, there’s no evidence of the flaw being exploited in the wild – with Dell saying a bad actor would either need local access to a machine or trick a victim with a phishing attack to carry out the hack.
Speaking about the risk of these vulnerabilities, Sentinel Labs said: “These high severity vulnerabilities, which have been present in Dell devices since 2009, affect hundreds of millions of devices and millions of users worldwide.
“While we haven’t seen any indicators that these vulnerabilities have been exploited in the wild up till now, with hundreds of millions of enterprises and users currently vulnerable, it is inevitable that attackers will seek out those that do not take the appropriate action. Our reason for publishing this research is to not only help our customers but also the community to understand the risk and to take action.”
If you have a Dell machine and are worried you’ve been impacted, the good news is that a patch has been released.
You can head to the Dell website to find a full list of affected machines and download the update needed to resolve the issue.
The operating systems affected by the vulnerability are Windows 7, Windows 8.1 and Windows 10. In terms of the impacted Dell machines, some 381 supported Dell devices are at risk from the vulnerability.
Among the affected lines are XPS, Inspiron and some Dell Dock devices, as well as plenty of others. In addition, 195 Dell platforms that have reached their end of service are also impacted by the flaw, including seven Alienware computers.
Dell has advised affected customers to update their machines as soon as possible. The security vulnerability is tracked as CVE-2021-21551 and has a CVSS score of 8.8. The CVSS scale is a ranking system used to rate the severity of computer system security vulnerabilities.
The now-patched Dell vulnerability is not far off being ranked at the highest severity level possible, critical. Describing the flaw, Dell said: “Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.”
Published at Fri, 07 May 2021 08:01:00 +0000