Dell Security Patch Save Users From Being Prey Of Hackers
- Technology Electronics
- Yang Liú
- May 11, 2021
- 0
- 5 minutes read
In yet another prominent cybersecurity exposed by a security research firm where millions of laptops and desktops by Dell have been spotted which is prone to cyber attackers exalted access to the internal systems. There is a need for a Dell security patch to ensure safety from more cybercrimes.
This lag in security is allowing hackers to conduct a broad range of cyberattacks that includes privilege up-gradation leading to rejection of services. If put in a simple term there is a bug that has been found in a pre-installed software in all desktops and laptops of Dell. This can allow the hackers to get access to the admin level in the user’s PC which would lead to the installation of malware within the system that will ultimately result in system freezing and deny the user’s access to his own machine.
About The Company
Dell is an American MNC that is popular for developing, selling, repairing, and supporting computers and their related products. And is owned by the parent company “Dell Technologies”. From the initial beginnings, Dell worked as a pioneer in the “configure to order” approach manufacturing, delivering customized PCs to its customers. In comparison to that many manufacturers at that time supplied PCs in a large order to other mediators.
Dell Security Patch
It was heard that in November 2015, Dell had its computers shipped with an indistinguishable pre-installed “root certificate” known as eDellRoot. This brought up security risks as hackers imitated HTTPS protected web pages such as that of Google and Bank Of America and the malware was signed with the certificate to cross-filtering Microsoft software. Later Dell apologized for such actions and also removed the tool.
Dell Foundation Services
Also on November 15, a researcher found that the customers who encounter diagnostic program Dell Foundation Services can digitally track by using a unique service tag number that has been assigned to them by the program itself. This was also applicable for customers who used private browsing and deleted browsing cookies. It was recommended by Ars Technica to the Dell customers to uninstall that program until the issue was solved.
The Dell Security Issue
It is being said that the issue is actually a collection of five different susceptibilities that were there in the Dell BIOS Utility Driver that is known as DBUtil. This was in action since early 2009.
“The DBUtil driver contains a module that is responsible for delivering BIOS updates on Dell’s laptops and desktops. This module had five flaws, two of which are memory corruption glitches, two are input validation failures, and one logic flaw that could be exploited for denial of service attacks.” as reported by Sentinel Labs.
Of all the attacks recorded, the team of Sentinel Labs notices that the biggest issue here is any application or services without any administrator privilege could appeal to the Dell BIOS Utility server to attain a system permission of high level. This can be said as a lack of Dell security patch not to include an “access control list” within the driver. Along with disclosed control over the functions, any hacker can obtain control by manipulating the driver flaw.
Defining the Dell security patch issue, Sentinel Labs spokesperson wrote –
“These critical vulnerabilities, which have been present in Dell devices since 2009, affect millions of devices and millions of users worldwide. As with a previous bug that lay in hiding for 12 years, it is difficult to overstate the impact this could have on users and enterprises that fail to patch.”
In the beginning, Dell was reported of the susceptibility back in December 2020. Recently after repeated tests and proofs, it has finally listed a CVE entry with a vulnerability score (CVSS) of 8.8. Though it is said that the Dell security patch will take more time to get implemented, Dell has resisted sharing any details of it as of now.
What Do We Conclude?
Dell is the world’s one of the biggest and most broad desktops and laptop manufacturers who first initiated the concept of customized desktops. Since 2009 it has sold millions of PCs among which many are likely to fall prey to this bug. The company is hence releasing a Dell security patch for all devices that have been affected in partnership with Microsoft and is also requesting its customers to fix that as soon as they release it. It is also very important to keep in mind that cyber crime has evolved over the period of time and this is another prime reason for making this patch.