Dell is issuing a security patch for hundreds of computer models going back to 2009


Dell has released a security patch that fixes a vulnerability affecting many Dell computers going back to 2009, along with instructions on how to install it if your computer is affected (via Threatpost). The vulnerability, found by security research firm SentinelLabs, is present in a driver used by Dell and Alienware’s firmware update utilities, and it allows an attacker to gain full kernel-level permissions in Windows.

If you have a Dell computer, there’s a good chance it could be vulnerable — the list of affected computers on Dell’s website has over 380 models on it, including some of the latest XPS 13 and 15 models, and the G3, G5, and G7 gaming laptops. Dell also lists almost 200 affected computers that it considers to be no longer receiving service.

Both Dell and SentinelLabs say that they haven’t seen evidence of the vulnerability being exploited by hackers, despite the fact that it’s been around for so long. Dell’s FAQ indicates that someone would have to have access to your computer in some way to take advantage of the bug, which they could get through malware, phishing, or being granted remote access privileges.

It is also worth noting that, according to Dell, the vulnerable driver isn’t pre-loaded on systems — instead, it gets installed when the user updates their computer’s firmware.

Still, even if you don’t remember doing anything like that, you should probably put this on your to-do list today: open the Dell or Alienware Update utility and install anything available.

Comments

You mean my 2009 Inspiron 1525 might be vulnerable?

Good thing I just blanked it and turned it into the world’s heaviest Chromebook.

Hahaha, it doesn’t seem to be on the list, but either way their FAQ says only Windows-based systems are vulnerable. ChromeOS should be good to go.

So my Latitude E5550 running Linux is safe

No news here /s

laughs in Fedora Linux M4800

M4800 here too, I use it as a desktop replacement

They don’t make them like the M4800 anymore. Hoping to hold on to this thing forever.

Hey we agree on one thing though

FEDORA’s the way.

Will Windows Update grab this, or do I have to go manually grab it from Dell?

It doesn’t seem like Windows Update will get this, no. Dell recommends using its utility to fix it.

I have the Optiplex 3240 AIO. Checked the driver location manually, but it’s not there. I guess it has to do with the fact that I performed a fresh Windows 10 installation with my new SSD to get rid of the Dell bloatware a few years back. First time I see running a fresh installation and getting rid of a factory firmware/bloatware does pay off lol

Man, can Microsoft provide hooks for OEMs to integrate that with Windows Update? So we can at least only deal with one buggy update system.

Thankfully Dell makes a standalone Update utility now. For a while the terrible SupportAssist was the only option and that crapware had its own security problems.
