


'Hundreds of millions' of Dell PCs threatened by security flaws — what to do [updated]


Hundreds of millions of Dell desktops, laptops and servers have serious security flaws that could allow malware to take over the machines.

The flaws, five in all, have to do with a system driver dating back to 2009 called dbutil_2_3.sys, which lets the user update a computer's BIOS/UEFI firmware (the low-level motherboard software that starts up a PC) from Windows.


Newer Dell machines have this flawed driver pre-installed, said SentinelOne researcher Kasif Dekel in a report. Older Dell machines may have installed the driver when they updated their BIOS/UEFI or other firmware.

All versions of Windows are affected, although Dell machines running Linux should be fine.

What you can do now

To fix this flaw, Dell has released a tool that removes the dodgy system driver. You'll have to input your Dell model name or service tag, and then the tool's web page should provide the correct driver along with the removal tool.

However, we found that not everyone can use the tool. While there's a fix available for our 2018 Dell Latitude 5490, our 2013 Dell XPS 13 (which runs the latest Windows 10 build just fine) is out of luck.

[Correction: We took a second look at the tool page, which is a bit confusing, and realized that what it actually says is that not all systems, particularly many that are out of service, cannot get new drivers to replace the faulty one. But all systems can download and use the tool, which you can find at the bottom of the tool page.]

Dell is promising an "enhanced" version of the firmware-removal-and-update tool on May 10 that may resolve some of the issues above. It's hard to tell because neither Dell's security advisory nor its FAQ about the flawed driver were written with anyone but IT professionals in mind.

Alternately, Dell says, you can see if the dbutil_2_3.sys driver file is in the filepaths "C:\Users\<username>\AppData\Local\Temp" or "C:\Windows\Temp".

If it is, then select it and click the Delete key on your keyboard while holding down the Shift key to permanently delete the file.
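The same manual check can be scripted for every user profile on a machine. The PowerShell below is an added example, not Dell's removal tool and not part of the original article; the function name Find-DbutilDriver and its -Remove switch are made up for this example, and it assumes profiles live under C:\Users as in the paths Dell gives.

```powershell
# Added example (not Dell's tool). Run from an elevated PowerShell prompt.
# Find-DbutilDriver is a hypothetical name chosen for this example.
function Find-DbutilDriver {
    param([switch]$Remove)   # -Remove deletes permanently, like Shift+Delete

    $driverName = 'dbutil_2_3.sys'

    # The two locations Dell names: C:\Windows\Temp and each user's
    # C:\Users\<username>\AppData\Local\Temp.
    $dirs = @('C:\Windows\Temp')
    $dirs += Get-ChildItem -LiteralPath 'C:\Users' -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' }

    # Is a kernel driver backed by this file still registered or running?
    $registered = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like "*$driverName" }

    foreach ($dir in $dirs) {
        $path = Join-Path $dir $driverName
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

        $item = Get-Item -LiteralPath $path -Force
        $result = [pscustomobject]@{
            Path        = $item.FullName
            LastWritten = $item.LastWriteTime
            SHA256      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            DriverState = if ($registered) { $registered.State -join ',' } else { 'not registered' }
            Removed     = $false
        }

        if ($Remove) {
            try {
                Remove-Item -LiteralPath $path -Force -ErrorAction Stop
                $result.Removed = $true
            } catch {
                # Deletion can fail, for example while the file is in use.
                Write-Warning "Could not delete ${path}: $($_.Exception.Message)"
            }
        }
        $result   # one record per copy of the driver that was found
    }
}

Find-DbutilDriver            # report only
# Find-DbutilDriver -Remove  # delete, after firmware and driver updates are done
```

No output from the report-only call means the file was not found in either location.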

How the flaws let hackers take over your machine

Dekel isn't explaining exactly how these flaws, grouped together in the single vulnerability listing CVE-2021-21551, can be exploited.

SentinelOne, Dell and Microsoft agree that they won't divulge the details until users have had some time to patch the flaws. But the upshot is that a local user, even one with limited privileges, can use these flaws to "escalate privileges" and gain full system control.

"The high severity flaws could allow any user on the computer, even without privileges, to escalate their privileges and run code in kernel mode," wrote Dekel in his company's report. "Among the obvious abuses of such vulnerabilities are that they could be used to bypass security products" such as antivirus software.

Kernel mode is a system privilege that even users with administrative privileges — the ability to install, update and delete software — don't normally get.

This means that malware that infects even the least-privileged user account — say, one belonging to a child — can use these flaws to add new powers and totally take over the system.

Here's a video by SentinelOne that shows one of these exploits in action. The command-line screens show a "weak user" with limited privileges running a program called "exploit.exe" that suddenly gives the "weak user" a whole lot of system privileges.

Dekel said that as of yesterday, when his report was released, there was no indication that any bad guys had used these flaws to attack machines.

Update: Dell clarifies some things

A Dell spokesperson told us that "older Dell machines will be able to use the driver-removal tool" as it exists, and that May 10 is just when Dell owners will start seeing notifications that they need to run the tool.

We were advised to look at two long lists of devices on the official Dell security advisory, one for models still being supported, the other for those that have reached "end of service life." (Our 2013 XPS 13 didn't seem to be on either list.)

For devices that had reached end of service, the Dell representative said, the user must take one of the three options in Step 1 of the security advisory: run the driver-removal tool as it is, remove the driver manually or wait to be notified on May 10. Removal of the faulty driver must be done after updating the BIOS/UEFI, other firmware or other drivers.


Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/dell-system-driver-flaws

Posted by: morganthabould96.blogspot.com
