Dell has released a security patch that addresses a security vulnerability that affected many Dell computers back in 2009, along with instructions on how to install it if your computer is affected (via threat mail). The vulnerability, found by security research firm SentinelLabs, is present in a driver used by Dell and Alienware’s firmware update tools, allowing an attacker to gain full permission at the Windows kernel level.
If you have a Dell computer, there is a good chance that it may be vulnerable – the list of affected computers on the Dell website has over 380 models, including some of the latest XPS 1
Both Dell and SentinelLabs say they have seen no evidence that the vulnerability is being exploited by hackers, despite the fact that it has been around for so long. Dell’s frequently asked questions indicate that someone will need to access your computer in some way to take advantage of the error that they may obtain through malware, phishing, or remote access rights.
It is also worth noting that, according to Dell, the vulnerable driver is not preloaded on systems – instead, it is installed when the user updates their computer’s firmware.
Although you may not remember to do anything similar, you should probably add to open the Dell utility or Alienware Update and install everything available on your to-do list today.