Dell driver vulnerability affects hundreds of millions of PCs

Dell is issuing a patch for 380 models going back to 2009.

Carlo Allegri / reuters

Dell has been releasing a firmware update driver since 2009 that contains "five high severity flaws," according to security researchers at Sentinel Labs. The issue could affect hundreds of millions of PC, but the PC maker has now addressed the issue with a security patch, according to a Dell security advisory update.

The flaw (in a file called DBUtil) is actually a connection of five vulnerabilities, collectively tracked as CVE-2021-21551. Four of the flaws lead to privilege escalation and one leads to denial of service. Some 380 models are affected, ranging from desktops to the latest Alienware and Dell laptops. If you own a Dell computer, even one no longer being supported, there's a good chance that it's on the list.

There's no evidence to date of the vulnerability being exploited in the wild. According to Dell's FAQ, an attacker would need local access to your machine to exploit the hack or trick the user via phishing or other means. On top of that, it would only affect the PC if you've updated the firmware, as the driver in question isn't preloaded on PCs.

Sentinel Labs researchers have provided technical information about the flaw but are holding back details on exploitation to give users time to patch. If you think your PC might be affected, follow Dell's guide to address the vulnerability here.