Hundreds of millions of Dell users are at risk
The bugs went undetected for 12 years and could allow an attacker to bypass security products, execute code, and move to other parts of the network.
The local privilege escalation (LPE) flaws are found in version 2.3 of the firmware update driver, which has been in use since 2009.
The driver handles Dell and Alienware firmware updates via Dell's BIOS utility, and is preinstalled on most Dell and Alienware Windows machines.
According to SentinelLabs researchers, updates are sent out on a regular basis to hundreds of millions of Dell devices, both consumer and enterprise systems.
The five flaws are collectively tracked as CVE-2021-21551 and have a CVSS severity rating of 8.8 out of 10. They allow an attacker to obtain full kernel-level permissions in Windows.
Dell has released a security patch that fixes the vulnerabilities, along with instructions on how to install it if your computer is affected.
Dell's list of affected computers contains 380+ models, including some of the latest XPS 13 and XPS 15 models, and the G3, G5 and G7 gaming laptops.
Dell also lists approximately 200 affected computers that no longer receive service updates.
SentinelLabs says it has not seen evidence of hackers exploiting the vulnerability, despite the fact that it has been around for a long time.
Dell's frequently asked questions page suggests that someone must first gain access to your computer in some way to take advantage of the flaw, and may gain that access through malware, phishing, or remote access privileges.
It should also be noted that, according to Dell, the firmware update driver is not preloaded across systems, but rather installed when the user updates the computer firmware.