For Whom The Dell Tolls: Millions Of Devices At Risk
Millions of Dell Windows devices are currently at risk from a cyber-attack because they were released with a vulnerable driver installed.
Security researchers at SentinelOne’s SentinelLabs have uncovered five high-severity flaws in Dell’s firmware update driver, impacting desktops, laptops, notebooks and tablets.
Since 2009, Dell has released hundreds of millions of Windows devices worldwide which contain the vulnerable driver, the security firm said.
The flaws were reported to Dell on December 1 last year and are tracked as CVE-2021-21551, marked with CVSS Score 8.8. Dell says it has released a security patch that fixes the vulnerability, which goes back to 2009.
The vulnerability is present in a driver used by Dell and Alienware’s firmware update utilities. It allows an attacker to gain full kernel-level permissions in Windows.
Dell is warning there’s a good chance that many of its devices could be vulnerable and has listed affected computers on its web site.
The site has more than 380 models on it, including some of the latest XPS 13 and 15 models, and the G3, G5, and G7 gaming laptops.
Dell also lists almost 200 affected computers that it considers to be no longer receiving service.
SentinelLabs said that over the years Dell has released BIOS update utilities which contain the vulnerable driver for hundreds of millions of computers, including desktops, laptops, notebooks, and tablets worldwide.