We have been harping on keeping your devices up to date a lot lately, but with good reason. Zero-day vulnerabilities have been discovered with increasing regularity in recent years — Google’s Project Zero security research team has already collected 21 in its spreadsheet for 2021. We covered the latest issue earlier this week when Apple rolled out iOS 14.5.1 to address two WebKit flaws that it says might have been actively exploited. Now there’s an even bigger problem, and anyone who owns a Dell computer should download the security patch immediately.
On Tuesday, security research firm SentinelLabs reported on a vulnerability in Dell’s firmware update driver impacting hundreds of the brand’s devices, from desktops to laptops to tablets. As the firm explains, the flaw can be exploited to allow anyone using the computer to escalate their privileges and run code in kernel mode.
Dell has since issued a security advisory on its website for the vulnerability with a list of nearly 400 devices that have been impacted. The list includes dozens of Inspiron and Latitude laptops, as well as recent XPS 13, XPS 15, and XPS 17 models. There is a separate list of older devices that no longer receive service but are also impacted. If you spot a device that you own on the list, here are the steps that you need to take.
First and foremost, you need to remove the vulnerable dbutil_2_3.sys driver from your system. There are a few ways to do this, but the easiest (and the one Dell recommends) is to download and run the Dell Security Advisory Update – DSA-2021-088 utility. You can also manually remove the driver by checking these two locations:
Once you find dbutil_2_3.sys, select the file, hold down the Shift key and press Delete to permanently remove it from your system. There’s also a third option, but it won’t be available until May 10th.
The next step is to ensure that the vulnerable driver is never reintroduced on your system. You can learn more about this on Dell’s website, but basically, you need to run the firmware update utility package on the relevant devices: Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags.
Somehow, despite the fact that this vulnerability has been around since 2009, Dell and SentinelLabs both say that they have not found any evidence that it has been exploited by malicious actors. It’s also worth noting that the driver doesn’t come preloaded on your PC — you have to install a firmware update to get it — but regardless of whether or not you can find the driver on your system, it’s probably time to load up that firmware update software you definitely forgot was even on your computer and install whatever it offers you.