Skip to main content

Thousands of PCs Vulnerable to Attacks Thanks to Flawed Dell Driver

Dell XPS 13
(Image credit: Tom's Hardware)

A huge security flaw has been found in Dell's latest dbutil driver (version 2.3) that can allow hackers to escalate privileges on a Dell machine, use a denial of service attack and access sensitive information. The flaw, which requires physical access to a machine, could potentially affect hundreds of thousands of Dell systems.

Several months ago, a security researcher at Sentinel Labs managed to find the flaws found in the dbutil driver thanks to Process Hacker, which is a program that can debug software and detect malware. The researcher found 5 bugs in all: two memory corruptions, a security issue that allows the driver to interact with non-elevated processes and a code logic issue that can result in a denial of service attack.

Perhaps the worst part of it all is that the dbutil driver is over 12 years old. A list of affected Dell computers can be found here.

Fortunately, the dbutil driver isn't critical to your system; rather, it's a utility driver that works with Dell Command Update, Dell Update, Alienware Update, and other Dell updating programs to update your drivers and firmware. 

Uninstalling the driver shouldn't be a problem, and Dell is already on top of the situation with plenty of ways to uninstall the affected driver listed here. The link will also show you how to install the patched version of the driver that doesn't have any security flaws.

The implications of this situation could be huge; all modern Dells use Dell's updating software to update drivers and firmware, so this bugged driver could already be on tens to hundreds of thousands of Dell machine.

Microsoft and Dell were able to fix the issues and bring out a new version yesterday. Hopefully, the driver gets pushed to as many Dell systems as possible.

  • punkncat
    "The flaw, which requires physical access to a machine, could potentially affect hundreds of thousands of Dell systems. "

    Nothing to see here for most of us to concern ourselves with.
    Reply
  • COLGeek
    Dell has been pushing firmware updates to affected systems. If members update accordingly, should be fine.
    Reply
  • cryoburner
    punkncat said:
    "The flaw, which requires physical access to a machine, could potentially affect hundreds of thousands of Dell systems. "

    Nothing to see here for most of us to concern ourselves with.
    Yeah, that kind of makes this largely a non-issue, at least for home users. If someone has physical access to your system, they might also reformat your hard drive and install a new OS for you while they are there. : P
    Reply
  • punkncat
    cryoburner said:
    Yeah, that kind of makes this largely a non-issue, at least for home users. If someone has physical access to your system, they might also reformat your hard drive and install a new OS for you while they are there. : P

    This starts getting into a bunch of "scenarios" of if/then and is pointless to discuss further in that regard. For a large percentage of people using a computer they will never be a victim of such attacks because there is no point. IF you work at a location that it was tantamount that such was a real threat to your operation, you are already paying people to take care of the risk from multiple vectors.
    Reply
  • USAFRet
    COLGeek said:
    Dell has been pushing firmware updates to affected systems. If members update accordingly, should be fine.
    To some people, the "U" word is Kryptonite...lol
    Reply