Dell has released software to fix a group of security vulnerabilities that potentially affect hundreds of millions of Dell computers worldwide.
Which Dell computers are vulnerable? Potentially any Dell computer (desktop or laptop) purchased or updated after 2009. Dell has not indicated any problem with other products as yet.
How serious is the problem? Dell has rated the problem as 8.8/10 on the severity scale. Some of the vulnerabilities potentially allow what amounts to a complete takeover of the machine, and from there your network. Attacks using these vulnerabilities could be automated using malware that is already distributed in standard email phishing campaigns. [1] Criminal groups that specialise in attacking small and mid-size law firms are therefore likely to be very interested.
The good news: Current reports indicate that Dell found out about the problem before the cyber-criminals did, and has prepared a solution before attacks exploiting the vulnerabilities emerged in the wild. There is therefore a window to fix the problem while the threat remains theoretical.
What you need to do: If you use Dell computers on your network, contact your IT support and make sure they have made arrangements to remove the affected files (primarily dbutil_2_3.sys) and replace them.
If you (or any member of staff) use a Dell laptop at home, it should be fixed as well. It is common for vulnerabilities on home networks to be used as a route to attack work systems. Remember to update spare computers, those in use in remote locations and any that have been restored from backups made before the rectification.
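For the IT support carrying out the step above, a read-only PowerShell check that lists any copies of dbutil_2_3.sys on a Windows machine. This is an added example, not code from Dell or from this advisory; the file name comes from the text above, while searching every local fixed drive and the parameter names are assumptions.

```powershell
# Added example: read-only inventory of the driver file named in the advisory.
# It reports what it finds and removes nothing.
param(
    # File name as given in the advisory text.
    [string]$DriverName = 'dbutil_2_3.sys',
    # Assumption: search every local fixed drive (DriveType 3).
    [string[]]$Roots = @(Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
                         ForEach-Object { $_.DeviceID + '\' })
)

# Walk each root; -Force includes hidden and system folders, and access-denied
# errors are suppressed so one locked folder does not stop the scan.
$findings = foreach ($root in $Roots) {
    Get-ChildItem -LiteralPath $root -Filter $DriverName -File -Recurse -Force `
                  -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                                 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Computer     = $env:COMPUTERNAME
                Path         = $_.FullName
                SizeBytes    = $_.Length
                LastWriteUtc = $_.LastWriteTimeUtc
                SHA256       = $hash.Hash   # empty if the file could not be read
            }
        }
}

# Separately, check whether a driver service still points at that file name,
# which would mean the file is registered with Windows and not just left on disk.
$registered = @(Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$DriverName" } |
    Select-Object Name, State, StartMode, PathName)

if ($findings -or $registered) {
    $findings   | Format-List
    $registered | Format-List
    Write-Warning "$DriverName is present on $env:COMPUTERNAME; remediation is still required."
    exit 1   # non-zero so management tooling can flag the machine
}

Write-Output "No copy of $DriverName found on $env:COMPUTERNAME."
exit 0
```

Run it again on spare machines and on any computer restored from a backup, since a restore can bring the file back.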
When you need to do it: You should start the process as a matter of priority. Make enquiries of your IT provider as soon as possible with a view to having the remediation in place in the next few days or weeks. As altering drivers can affect basic functionality, it may take a little while to test the solution and implement it on your network.
Even though there is no evidence of these vulnerabilities being used in attacks to date, criminals spring to action when such opportunities arise. Cybercrime groups are now very well resourced and can adapt and push out new attack systems quickly. It is reasonable to assume that the practical risk will escalate rapidly over the next few weeks.
[1] For obvious reasons Dell has not spelled out exactly how the vulnerability could be weaponised. The researchers who discovered the issue will be embargoing the details until 1 June 2021.