Better late than never, Dell fixes 12-year-old vulnerability affecting hundreds of millions of PCs

Dell Xps 13 9300 Lid
Dell Xps 13 9300 Lid (Image credit: Daniel Rubino/Windows Central)

What you need to know

  • A 12-year-old vulnerability was discovered in Dell computers and flagged up to the company.
  • It's estimated that hundreds of millions of devices have the vulnerability.
  • Dell has released a security update to address the vulnerability.

Hundreds of millions of Dell computers could have a vulnerability, according to a security report by SentinelLabs. Five high severity flaws were found in Dell's firmware update driver. These flaws impact Dell laptops, desktops, notebooks, and tablets. SentinelLabs states that hundreds of millions of Dell devices with the vulnerability have been released since 2009. Dell has released a security update to address the vulnerability.

The flaws in the firmware update are all assigned one Common Vulnerabilities and Exposures (CVE) number, but SentinelLabs breaks them down into five flaws:

  • CVE-2021-21551: Local Elevation Of Privileges #1 – Memory corruption
  • CVE-2021-21551: Local Elevation Of Privileges #2 – Memory corruption
  • CVE-2021-21551: Local Elevation Of Privileges #3 – Lack of input validation
  • CVE-2021-21551: Local Elevation Of Privileges #4 – Lack of input validation
  • CVE-2021-21551: Denial Of Service – Code logic issue

SentinelLabs already has a proof of concept to demonstrate how these issues can affect PCs but is withholding sharing it until June 1, 2021 to give people a chance to update.

The report from SentinelLabs explains the potential impact of the vulnerabilities:

The high severity flaws could allow any user on the computer, even without privileges, to escalate their privileges and run code in kernel mode. Among the obvious abuses of such vulnerabilities are that they could be used to bypass security products.

The report adds that an attacker with access to an organization's network can also manage to execute code to gain local elevation of privilege.

Dell released a patch for the vulnerabilities and explains them in great detail in a support document.

SentinelLabs states that it hasn't seen any indication that the vulnerabilities have been exploited in the wild, but warns that "with hundreds of millions of enterprises and users currently vulnerable, it is inevitable that attackers will seek out those that do not take the appropriate action."

CATEGORIES
Sean Endicott
News Writer and apps editor

Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He's covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean's journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.