Dell has released a security patch that fixes a security vulnerability that affects many Dell computers dating back to 2009 along with instructions on how to install them if your computer is affected (through threat post). The vulnerability, found by security research firm SentinelLabs, is contained in a driver used by the Dell and Alienware firmware updater programs, and allows an attacker to obtain full kernel-level permissions on Windows.
If you have a Dell computer, chances are it is vulnerable – the list of affected computers on the Dell website has over 380 models, including some of the latest XPS 13 and 15 models, and the G3, G5, and G7 gaming laptops. Dell also lists nearly 200 affected computers that it believes are no longer receiving service.
Both Dell and SentinelLabs say they have seen no evidence of the vulnerability being exploited by hackers, despite the fact that it has been around for so long. Dell FAQs indicates that someone must somehow have access to your computer to take advantage of the bug, which they can get through malware, phishing, or gaining remote access rights.
It’s also worth noting that, according to Dell, the vulnerable driver is not pre-loaded on systems, but is installed when the user updates their computer’s firmware.
But even if you don’t remember doing anything like this, you should probably open the Dell or Alienware Update utility and install something available on your to-do list today.