


'Hundreds of millions' of Dell PCs threatened by security flaws — what to do [updated]


Hundreds of millions of Dell desktops, laptops and servers have serious security flaws that could allow malware to take over the machines.

The flaws, five in all, have to do with a system driver dating back to 2009 called dbutil_2_3.sys, which lets the user update a computer's BIOS/UEFI firmware (the low-level motherboard software that starts up a PC) from Windows.


Newer Dell machines have this flawed driver pre-installed, said Sentinel One researcher Kasif Dekel in a report. Older Dell machines may have installed the driver when they updated their BIOS/UEFI or other firmware.

All versions of Windows are affected, although Dell machines running Linux should be fine.

What you can do now

To fix this flaw, Dell has released a tool that removes the dodgy system driver. You'll have to input your Dell model name or service tag, and then the tool's web page should provide the correct driver along with the removal tool.

However, we found that not everyone can use the tool. While there's a fix available for our 2018 Dell Latitude 5490, our 2013 Dell XPS 13 (which runs the latest Windows 10 build just fine) is out of luck.

[Correction: We took a second look at the tool page, which is a bit confusing, and realized that what it actually says is that not all systems, especially many that are out of service, can get new drivers to replace the faulty one. But all systems can download and use the tool, which you can find at the bottom of the tool page.]

Dell is promising an "enhanced" version of the firmware-removal-and-update tool on May 10 that may resolve some of the problems above. It's hard to tell because neither Dell's security advisory nor its FAQ about the flawed driver was written with anyone but IT professionals in mind.

Alternatively, Dell says, you can see if the dbutil_2_3.sys driver file is in the file paths "C:\Users\<username>\AppData\Local\Temp" or "C:\Windows\Temp".

If it is, then select it and press the Delete key on your keyboard while holding down the Shift key to permanently delete the file.
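
The manual check above, scripted in PowerShell as an added example (not from Dell or the original article): it looks for dbutil_2_3.sys in C:\Windows\Temp and in every profile's AppData\Local\Temp, and deletes matches only when -Remove is given. It assumes user profiles live under C:\Users and, unlike the manual check, also looks in subfolders of those Temp directories.

```powershell
# Added example: find dbutil_2_3.sys in the two Temp locations named in the article.
# Read-only by default; pass -Remove (from an elevated prompt) to delete matches.
# Per the article, removal should be done after updating BIOS/UEFI, other
# firmware or other drivers.
param(
    [switch]$Remove,
    [string]$ProfileRoot = 'C:\Users',        # assumption: default profile location
    [string]$WindowsTemp = 'C:\Windows\Temp'
)

$driverName = 'dbutil_2_3.sys'

# Candidate directories: Windows\Temp plus AppData\Local\Temp for every profile.
$dirs = @($WindowsTemp)
$dirs += Get-ChildItem -LiteralPath $ProfileRoot -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' }

$found = foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    # -Recurse is an extra precaution beyond the manual check (covers subfolders).
    Get-ChildItem -LiteralPath $dir -Filter $driverName -File -Recurse -Force -ErrorAction SilentlyContinue
}

if (-not $found) {
    Write-Output "No $driverName found in $($dirs.Count) Temp directories."
    return
}

foreach ($file in $found) {
    # Record what was found before touching it, so there is an audit trail.
    [pscustomobject]@{
        Path      = $file.FullName
        SizeBytes = $file.Length
        Modified  = $file.LastWriteTime
        SHA256    = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    }
    if ($Remove) {
        # Same effect as Shift+Delete: the file does not go to the Recycle Bin.
        Remove-Item -LiteralPath $file.FullName -Force
    }
}
```

Without elevation the script can only read the current user's Temp folder and may silently skip other profiles, so an empty result from a non-admin prompt does not clear the whole machine.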

How the flaws let hackers take over your machine

Dekel isn't explaining exactly how these flaws, grouped together in the single vulnerability listing CVE-2021-21551, can be exploited.

Sentinel One, Dell and Microsoft agree that they won't divulge the details until users have had some time to patch the flaws. But the result is that a local user, even one with limited privileges, can use these flaws to "escalate privileges" and gain full system control.

"The high severity flaws could permit any user on the computer, even without privileges, to escalate their privileges and run code in kernel mode," wrote Dekel in his company's report. "Among the obvious abuses of such vulnerabilities are that they could be used to bypass security products" such as antivirus software.

Kernel mode is a system privilege that even users with administrative privileges — the ability to install, update and delete software — don't ordinarily get.

This means that malware that infects even the least-privileged user account — say, one belonging to a child — can use these flaws to add new powers and totally take over the system.

Here's a video by Sentinel One that shows one of these exploits in action. The command-line screens show a "weak user" with limited privileges running a program called "exploit.exe" that suddenly gives the "weak user" a whole lot of system privileges.

Dekel said that as of yesterday, when his report was released, there was no indication that any bad guys had used these flaws to attack machines.

Update: Dell clarifies some things

A Dell spokesperson told us that "older Dell machines will be able to use the driver-removal tool" as it exists, and that May 10 is merely when Dell owners will start seeing notifications that they need to run the tool.

We were advised to look at two long lists of devices on the official Dell security advisory, one for models still being supported, the other for those that have reached "end of service life." (Our 2013 XPS 13 didn't seem to be on either list.)

For devices that had reached end of service, the Dell representative said, the user must take one of the three options in Step 1 of the security advisory: run the driver-removal tool as it is, remove the driver manually or wait to be notified on May 10. Removal of the faulty driver must be done after updating the BIOS/UEFI, other firmware or other drivers.


Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/dell-system-driver-flaws

Posted by: shannonarpich.blogspot.com
