Millions of Dell computers, laptops, and tablets ranging from 2009 and running on Windows can be exploited for cyber attacks. These devices can easily be hijacked for malware attacks and granting rogue admin access.
This is a result of 5 vulnerabilities discovered in Dell’s dbutil_2_3.sys driver that comes with its devices. These vulnerabilities can be exploited to cause system crashes, steal data, and grant administrator-level access to hackers. Though these can only be exploited by applications already running on the machine and only when someone is logged in.
A senior security researcher responsible for finding these vulnerabilities, Kasif Dekel, said:
While we haven’t seen any indicators that these vulnerabilities have been exploited in the wild up till now, with hundreds of million of enterprises and users currently vulnerable, it is inevitable that attackers will seek out those that do not take the appropriate action.
He adds that these exploits are relatively easy to abuse and there are no security checks for if a hacker is sufficiently authorized or privileged.
However, Dell has already worked on a patch to fix this driver vulnerability which should become widely available next week. This is because the security researchers had already reported the issue to Dell in December last year before making the report public.