Dell has released a patch for a security vulnerability affecting many Dell computers going back to 2009, along with instructions on how to install it if your computer is affected (via Threatpost). The vulnerability, found by security research firm SentinelLabs, is present in a driver used by Dell and Alienware’s firmware update utilities, and it allows an attacker to gain full kernel-level permissions in Windows.
If you have a Dell computer, there’s a good chance it could be vulnerable — the list of affected computers on Dell’s website has over 380 models on it, including some of the latest XPS 13 and 15 models, and the G3, G5, and G7 gaming laptops. Dell also lists almost 200 affected computers that it considers to be no longer receiving service.
Both Dell and SentinelLabs say that they haven’t seen evidence of the vulnerability being exploited by hackers, despite the fact that it’s been around for so long. Dell’s FAQ indicates that an attacker would first need some form of access to your computer to take advantage of the bug, which they could get through malware, phishing, or being granted remote access privileges.
It is also worth noting that, according to Dell, the vulnerable driver isn’t pre-loaded on systems — instead, it gets installed when the user updates their computer’s firmware.
Still, even if you don’t remember doing anything like that, you should probably add this to your to-do list today: open the Dell or Alienware Update utility and install anything available.