Dell Patches Highly Vulnerable Driver Impacting Millions of Laptops, Desktops

After a security research firm discovered a vulnerability that could give hackers access to your laptop, Dell is taking action with a fix. Dell has released a patch for all affected machines, and users are highly recommended to install it through the Dell or Alienware Update utility. The company has also provided a list of models that are vulnerable due to the bugs. The list covers over 380 models, including some popular Dell machines such as the latest XPS 13 and XPS 15 notebooks as well as the Dell G3, G5, and G7 gaming laptops. There are also nearly 200 affected machines that are no longer eligible for official service, including the Alienware 14, Alienware 17, and the Dell Latitude 14 Rugged Extreme.

At the heart of this problem is a driver that Dell’s laptops use to handle firmware updates. According to a Dell support page, this driver comes packaged with Dell Client firmware update utility packages and software tools, and a vulnerability within it can “lead to escalation of privileges, denial of service, or information disclosure.”

Additionally, the driver file itself is located in the operating system's temporary folder. SentinelLabs calls this a bug in itself and believes that it opens the door to other issues. “The classic way to exploit this would be to transform any BYOVD (Bring Your Own Vulnerable Driver) into an Elevation of Privileges vulnerability since loading a (vulnerable) driver means you require administrator privileges, which essentially eliminates the need for a vulnerability,” the researcher noted.

The support page lists all impacted laptop models, including the XPS 13, XPS 15, and other Alienware laptops. You can search through the list of models to see if your laptop is impacted, but keep in mind, the majority of the laptops impacted are ones that are considered out of service by Dell. Dell and security researchers also believe that the vulnerability was not exploited.

If your laptop is impacted, there are two steps to fix it. First, you must manually remove the driver using this Dell tool. After that, you can update your laptop’s firmware, update Dell Command Update, Dell Update, or Alienware Update, or install the latest version of Dell System Inventory Agent or Dell Platform Tags. Updating the firmware will prevent the driver from being reintroduced into the system, according to Dell.

If you never updated your Dell laptop through Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags, then you’re likely not impacted by this issue. Dell says Windows Update does not install the affected dbutil_2_3.sys driver.
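To see whether the driver is present on a machine, the following read-only PowerShell check can be run from an elevated prompt. It is an added example, not Dell's removal tool and not code from the original article. It assumes that "temporary folder" means `C:\Windows\Temp` and each user profile's `AppData\Local\Temp` under the default `Users` directory; it reports findings and removes nothing.

```powershell
# Added example: inventory check for the dbutil_2_3.sys driver named in the article.
# Assumption: the temp folders are %SystemRoot%\Temp and <profile>\AppData\Local\Temp.
$DriverName = 'dbutil_2_3.sys'

function Find-DbutilDriver {
    param([string[]]$Roots)
    foreach ($root in $Roots) {
        # Skip profiles that have no temp folder (service accounts, stale profiles)
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Filter $DriverName -File -Recurse -Force `
                      -ErrorAction SilentlyContinue |
            ForEach-Object {
                $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                                     -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path         = $_.FullName
                    SizeBytes    = $_.Length
                    LastWriteUtc = $_.LastWriteTimeUtc
                    SHA256       = $hash.Hash   # empty if the file could not be read
                }
            }
    }
}

# Build the list of temp folders to search
$roots = @(Join-Path $env:SystemRoot 'Temp')
$roots += Get-ChildItem -LiteralPath "$env:SystemDrive\Users" -Directory -Force `
                        -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' }

$files = @(Find-DbutilDriver -Roots $roots)

# Kernel driver services whose image path still points at the file
$services = @(Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$DriverName*" } |
    Select-Object Name, State, StartMode, PathName)

if ($files.Count -or $services.Count) {
    Write-Warning "$DriverName found: follow Dell's removal and update steps."
    $files    | Format-List
    $services | Format-List
    exit 1   # non-zero exit so fleet tooling can flag the host
}
Write-Output "$DriverName not found in the searched temp folders or driver services."
```

The non-zero exit code lets the same script be used as a compliance check in endpoint management tooling, and running it again after remediation confirms the driver was not reintroduced.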

It’s important to note that someone would have needed physical or remote access to your laptop first to take advantage of this vulnerability. The driver also only gets installed with firmware updates and is not pre-installed. Dell even says it has remediated this for all new PCs shipping from the factory, except for systems shipping with Dell Command Update, Dell Update, or Alienware Update which might be automatically updated at first run.

This is not the first time a severe security issue has been found on Dell machines. In 2019, the company patched a critical flaw in its SupportAssist tool that affected millions of its PC users globally. Another serious issue was found in the Dell System Detect program back in 2015 that also exposed a large number of its users to attack.
