Some Dell laptops are facing a security vulnerability and this is how you can fix it
A security research firm recently discovered a security vulnerability on Dell laptops that could give hackers access to the device. Dell has now rolled out a fix for it and this is what you need to do.
A security research firm recently discovered a security issue that could give hackers access to your Dell laptops. The company has now rolled out a fix for that. According to reports, this security vulnerability affected at least 380 models of Dell laptops, including the high-end XPS and Alienware ones, released since 2009. Besides the fix that Dell has rolled out, there are also other things you can do to ensure your laptop is not affected.
The problem, the security vulnerability, lies in the driver that Dell laptops use to handle firmware updates. As per the Dell support page, this driver has Dell Client firmware update utility packages and software tools. The vulnerability can “lead to escalation of privileges, denial of service, or information disclosure”. The support page lists out all the models that have been impacted by the issue including XPS 13, XPS 15, and Alienware laptops. If you see your laptop on this list, don’t worry, the fix is already here. Also, Dell considers a majority of these affected laptops to be “out of service” and both the company and security researchers are of the opinion that this particular vulnerability has not been exploited by hackers.
However, if your laptop has been exploited, here’s what you can do. For starters, you need to manually remove the driver by using this Dell tool. Then you need to update the laptop’s firmware, the Dell Command Update, Dell Update, or Alienware Update. Or you can install the latest version of the Dell System Inventory or Dell Platform Tags. Updating the firmware will stop the driver from getting “reintroduced” into the system, as Dell states.
Now, if you have never updated your Dell laptop through the Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags, it is possible that you have not been impacted by this issue at all. Dell says that Windows Update does not install the dbutil_2_3.sys driver, which is the affected driver.
For anyone to take advantage of this vulnerability, they would need physical or remote access to your laptop. Also, the driver only gets installed with firmware updates, it does not come pre-installed. Dell has also said that they have fixed this for all the new PCs they are shipping right now except for those that ship with Dell Command Update, Dell Update, or Alienware Update which might be automatically updated when you first run it.