Laptops, desktops, notebooks and tablets made by Dell are all impacted by the driver vulnerability, which could lead to privilege escalation or denial of service attacks.
Thankfully, there’s no evidence of the flaw being exploited in the wild – with Dell saying a bad actor would need either local access to a machine or to trick a victim with a phishing attack to carry out the hack.
“While we haven’t seen any indicators that these vulnerabilities have been exploited in the wild up till now, with hundreds of millions of enterprises and users currently vulnerable, it is inevitable that attackers will seek out those that do not take the appropriate action. Our reason for publishing this research is to not only help our customers but also the community to understand the risk and to take action.”
If you have a Dell machine and are worried you’ve been impacted, the good news is that a patch has been released.
You can head to the Dell website to find a full list of affected machines and download the update needed to resolve the issue.
Among the affected lines are XPS, Inspiron and some Dell Dock devices, as well as plenty of others. A further 195 Dell platforms that have reached their end of service are also impacted by the flaw, including seven Alienware computers.
Dell has advised affected customers to update their machines as soon as possible. The security vulnerability has been classified as CVE-2021-21551 and has a CVSS score of 8.8. The CVSS scale is a ranking system used to rate the severity of computer system security vulnerabilities.
The now-patched Dell vulnerability is not far off from being ranked as the highest threat possible – critical. Describing the flaw, Dell said: “Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.”
This post originally appeared on Daily Express :: Tech Feed