Dell security flaw from 2009 affects 'hundreds of millions' of PCs: How to fix it

Nuke them from orbit. It's the only way to be sure.
  • Brad Chacos (PC World (US online))
  • 05 May, 2021 19:58

First, the bad news: Security researchers recently discovered five high-severity flaws in Dell’s firmware update driver—and they’ve been pushed to customer computers ever since 2009. Now the good news: A fix is already (finally?) available for people who own Dell desktops, laptops, and tablets.

You’ll want to take advantage if you’re affected, because the proof-of-concept code for the flaws is only being held back temporarily, and it won’t stay private for long.

“These multiple high severity vulnerabilities in Dell software could allow attackers to escalate privileges from a non-administrator user to kernel mode privileges,” writes Kasif Dekel, a security researcher at SentinelOne who sniffed out the vulnerabilities. Kernel-level code can disable or blind security software and give an attacker a foothold for moving across the network of an organization that deploys Dell PCs. “Over the years, Dell has released BIOS update utilities which contain the vulnerable driver for hundreds of millions of computers (including desktops, laptops, notebooks, and tablets) worldwide.”

Yep, that’s bad news all right—but it might not be quite as bad as it sounds. “At this time, SentinelOne has not discovered evidence of in-the-wild abuse,” Dekel says. The company is withholding its proof-of-concept for the flaws until June 1 to give users time to get patched and protected.

Dell also says that “The vulnerability cannot be exploited remotely. A malicious actor must first obtain (local) authenticated access to your device.” That rules out an attacker reaching in over the network, but “local” does not mean someone has to be sitting at your keyboard: any code already running on the machine as an ordinary user, such as malware delivered by a phishing email, could use the driver to jump to kernel privileges. That is a higher bar than a remote hole, which narrows the practical reach of an exploit, but these remain critical flaws that should be patched.

On that note, Dell just published a security advisory about the vulnerabilities (collectively identified as CVE-2021-21551) that offers several methods to fix the issues. There’s also a helpful FAQ written in plainer language. You’ll need to eradicate the troublesome driver first, either by running the Dell Security Advisory Update - DSA-2021-088 utility or by manually removing the vulnerable dbutil_2_3.sys driver. By May 10, Dell’s system management apps (such as Dell Command Update, Dell Update, and Alienware Update) will also be able to perform the task. The driver is only loaded while a firmware update is running, so deleting the file closes the hole on that machine; check C:\Windows\Temp and the AppData\Local\Temp folder of every user account that has run a Dell updater, not just your own.

Do it. “While we haven’t seen any indicators that these vulnerabilities have been exploited in the wild up till now, with hundreds of millions of enterprises and users currently vulnerable, it is inevitable that attackers will seek out those that do not take the appropriate action,” Dekel says.

After that, you’ll need to install a fixed version of the software from Dell if you want to continue receiving firmware updates. Your system’s preinstalled Dell management app should handle the process, but the exact details will depend on your system’s configuration. Squashing a bug from 2009 is complicated!

Currently, a fixed Windows 10 driver is available, and Dell says one for Windows 7 and 8.1 systems will be posted by the end of July. Older Dell systems beyond their end-of-life don’t look like they’ll be fixed, so be sure to delete that vulnerable driver on those. Dell says the driver is only used by the firmware updater, not other system hardware or software, so removing it shouldn’t affect your system’s performance in any way.
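For readers who manage more than one machine, or who own an end-of-life Dell that will never get the fixed driver, here is an added PowerShell script (not code from Dell or from this article) that carries out the manual-removal step: it looks for every copy of dbutil_2_3.sys, reports whether one is currently registered or loaded as a kernel driver, and, only when told to, unloads it and deletes the files. The two file locations are the ones Dell’s DSA-2021-088 guidance lists; matching the loaded driver by its image path rather than by a service name is an assumption made so that a copy registered under an unexpected name is still caught.

```powershell
<#
  Added example (not Dell's or PC World's code): find and optionally remove the
  vulnerable dbutil_2_3.sys driver behind CVE-2021-21551.
  - File locations: C:\Windows\Temp and every profile's AppData\Local\Temp, as
    listed in Dell's DSA-2021-088 remediation guidance.
  - Loaded-driver check matches on the driver image path (assumption: any service
    whose image is dbutil_2_3.sys is the vulnerable driver, whatever it is named).
  Run from an elevated prompt. Without -Remove the script only reports.
#>
#Requires -RunAsAdministrator
[CmdletBinding()]
param([switch]$Remove)

$driverFile = 'dbutil_2_3.sys'

function Find-DbutilFiles {
    # C:\Windows\Temp plus the %LOCALAPPDATA%\Temp folder of every local profile:
    # the updater drops the driver into the temp folder of whichever account ran it.
    $paths = @(Join-Path $env:SystemRoot "Temp\$driverFile")
    foreach ($userDir in Get-ChildItem -Path (Join-Path $env:SystemDrive 'Users') -Directory -ErrorAction SilentlyContinue) {
        $paths += Join-Path $userDir.FullName "AppData\Local\Temp\$driverFile"
    }
    $paths | Where-Object { Test-Path -LiteralPath $_ -PathType Leaf }
}

function Find-DbutilServices {
    # Win32_SystemDriver enumerates kernel drivers (Get-Service does not).
    # Match on the image path so the service name does not matter.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -and $_.PathName.ToLower().EndsWith($driverFile) }
}

$files    = @(Find-DbutilFiles)
$services = @(Find-DbutilServices)

if ($files.Count -eq 0 -and $services.Count -eq 0) {
    Write-Host "No copy of $driverFile found on disk or registered as a driver service."
    return
}

foreach ($f in $files) {
    # Record the hash before touching anything so the removal can be audited later.
    $hash = (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash
    Write-Host "Found $f  SHA256=$hash"
}
foreach ($s in $services) {
    Write-Host "Driver service '$($s.Name)' state=$($s.State) image=$($s.PathName)"
}

if (-not $Remove) {
    Write-Host 'Re-run with -Remove to unload the driver and delete the file(s).'
    return
}

# Stop and unregister the driver service first: deleting the file of a driver
# that is still loaded does not remove it from the running kernel.
foreach ($s in $services) {
    if ($s.State -eq 'Running') { sc.exe stop $s.Name | Out-Null }
    sc.exe delete $s.Name | Out-Null
    Write-Host "Unregistered driver service '$($s.Name)'"
}
foreach ($f in $files) {
    Remove-Item -LiteralPath $f -Force
    Write-Host "Deleted $f"
}
```

Run it once without arguments to see what it would touch, then with `-Remove`. Removing the driver does not break anything on its own (it is only used by the firmware updater), but after removal you still need the fixed driver from Dell if you want future BIOS updates to work, which is the step the script deliberately leaves to Dell’s own update app.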

We strongly recommend visiting Dell’s DSA-2021-088 security page for full details on the complex steps that are potentially needed to plug the hole (and to witness the truly staggering list of affected Dell computers). If you want more details about the flaws themselves, check out SentinelOne’s disclosure. And if all this vulnerability talk has the skin on the back of your neck crawling, our guide to the best Windows antivirus software can help ensure your system’s security is in tip-top shape.