Dell closes twelve-year-old security hole

Dell closes twelve-year-old security hole

Computer maker Dell has released a security patch that is potentially critical to “hundreds of millions of Dell computers”. At least that’s how they put it IT security company SentinelWhich discovered a total of five weaknesses in Dell software. In particular, it is a driver program that imports so-called firmware updates into Dell products.

Firmware is the basic operating software of computer hardware, the operating system under the operating system, so to speak, which enables programs such as Windows to address hardware previously. This is possibly one reason why the error is classified as potentially very dangerous. Attackers can exploit the vulnerability to gain extended rights over their victim’s computer. For example, you can take control of a computer or use a company network from there.

It is not uncommon for IT experts to discover such security gaps, but this is certainly the length of time that vulnerability existed in Dell’s systems. Because, as the Sentinel reports, problematic software can be found in computers that have been produced between 2009 and today. These include popular notebook series such as the XPS 13 and XPS 15, but also have Optiplex desktops and Alienware gaming PCs, as well as some docking stations for notebooks.

Hundreds of models affected

Regardless of how many devices are affected, SentinelOn’s estimate is not clear. Dell guides on their website Nearly 400 affected models On. As the company is one of the three largest PC manufacturers worldwide with Lenovo and HP and in the fourth quarter of 2020 alone Has sold over 13 million computersThe number may actually be in the three-digit million range.

According to SentinelOne, however, there is no evidence yet that the vulnerability has been actively exploited. Now that information is publicly available at the latest, you should protect Dell computers against potential attacks. On one Information page on security vulnerabilities The company advises going forward.

More from Laurence Porter
Second major data breach in just one week
Linkedin-logo. (Photo: Asif Islam / Shutterstock.com) April 9, 2021, 3:00 pm. No...
Read More
Leave a comment

Your email address will not be published. Required fields are marked *