Latest Dell Security Patch Fixes Exploit in Over 300 Computer Models

Dell has released a new security patch aimed at fixing a control vulnerability issue in over 300 Dell computer models released since 2009.

The issue impacts a total of 380 Dell device models, according to Techspot, and would allow someone who has access to a computer with the exploit to gain escalated privileges and even kernel-level permissions. Essentially, if done, this would give that user full control of the laptop, allowing them to access any data stored on it.

The issue originally was discovered by SentinelLabs, which reported it to Dell in December. This prompted Dell to create the fix, which it has now issued to all affected computers.

Dell also detailed the issue in an official support document on its website. Based on this post, it looks like the file which contains the vulnerability, dbutil_2_3.sys, is installed on the susceptible systems when using firmware update utility packages like Dell Command Update, Dell Update, Alienware Update, and Dell Platform Tags.

Because it's only installed when updating drivers, those who recently purchased computers on the list may not have the affected file installed on their system.

If you have a computer included on the list, then it is recommended that you install the security patch as soon as possible, just to avoid any possible problems. 

The FAQs for the update say that in order to make use of the exploit, a user would have to gain access to your computer through malware, phishing, or being granted remote access in some way. Both Dell and SentinelLabs also say they have not seen any evidence of this particular vulnerability being exploited, despite being around since 2009.

The company includes information on three ways to install the patch in its support post, though the easiest method—which uses notification solutions like Dell Command and Dell Update—won’t be available until May 10.