The issue impacts a total of 380 Dell device models, according to Techspot, and would allow someone who has access to a computer with the exploit to gain escalated privileges and even kernel-level permissions. Essentially, if done, this would give that user full control of the laptop, allowing them to access any data stored on it. The issue originally was discovered by SentinelLabs, which reported it to Dell in December. This prompted Dell to create the fix, which it has now issued to all affected computers. Dell also detailed the issue in an official support document on its website. Based on this post, it looks like the file which contains the vulnerability, dbutil_2_3.sys, is installed on the susceptible systems when using firmware update utility packages like Dell Command Update, Dell Update, Alienware Update, and Dell Platform Tags. Because it’s only installed when updating drivers, those who recently purchased computers on the list may not have the affected file installed on their system. If you have a computer included on the list, then it is recommended that you install the security patch as soon as possible, just to avoid any possible problems. The company includes information on three ways to install the patch in its support post, though the easiest method—which uses notification solutions like Dell Command and Dell Update—won’t be available until May 10.
