Dell issues high-priority security patch for hundreds of machines dating back to 2009

P

Polycount

Posts: 3,017   +590
Staff
What just happened? If you thought your aging Dell laptop was safe from modern malware or hacking exploits, think again. Dell has just released a retroactive, high-priority software patch for hundreds of its machines, some of which have initial releases dating back to 2009.

The patch addresses an "insufficient access control vulnerability" present in the dbutil_2_3.sys driver, which can be found on Windows-equipped Dell systems with user-installed firmware update packages. Not all Dell machines are affected, but many are; 380, to be precise.

Impacted machines range from Dell's Latitude line-up to its Inspirons and even its G-series gaming notebooks. The vulnerability would allow someone with access to the machine (which could be obtained through malware) to escalate privileges and obtain kernel-level permissions.

You can find a full list of affected machines on Dell's website -- it's too expansive for us to list here. If one of your machines is on that list, your first priority should be to remove the offending driver from your system.

There are three primary ways to do this. First, you can download and run the DSA-2021-088 utility, which will automate the process for you -- we'd recommend this for most people. Alternatively, you can check the C:\Users\\AppData\Local\Temp and C:\Windows\Temp directories on your system to see if the driver is visible. If it is, select the file, hold down Shift, and then press the Delete key on your keyboard.

The final method involves using one of Dell's notification solutions (such as Dell Command, Dell Update, or Dell SupportAssist) to automatically apply the patch. This is the most convenient option (and the one that requires the least technical knowledge), but Dell's notification solutions won't support the DSA-2021-088 utility until May 10, 2021.

Once you've removed the vulnerable driver, update your device's firmware at your earliest convenience to get a "remediated" version of the file. Dell's notification solutions will work for this as well.

And that's just about it! If you've removed the driver and subsequently updated your device, you should be good to go. Hopefully, most people patch their machines before too much damage can be done.

Image credit: Monitcello, Nor Gal

Permalink to story.

https://www.techspot.com/news/89554-dell-issues-high-priority-security-patch-hundreds-machines.html

 
duckofdeath said:
This isn't bloatware, though. It's a utility to help you get support when you have issues.
Click to expand...
Yeah, the definition of bloatware. There's an utility for this, for that, for everything. Nobody wants them and nobody uses them.

here's a list of a few utilities that come preinstalled (not sure if all have them): Dell Customer Connect, Dell Foundation Services, Dell Digital Delivery Service, Dell Update Service, Dell Help and Support, Product Registration, Dell SupportAssist
 
Last edited:
  • Like
Reactions: Reehahs, fb020997, p51d007 and 5 others
duckofdeath said:
This isn't bloatware, though. It's a utility to help you get support when you have issues.
Click to expand...
You know dell has a website to do the same thing, right? Why would I want bloatware running in the background to do the same thing? I mean it could have a vulnerability that could be exploited.......oh wait.
 
  • Like
Reactions: terzaerian
Theinsanegamer said:
You know dell has a website to do the same thing, right? Why would I want bloatware running in the background to do the same thing? I mean it could have a vulnerability that could be exploited.......oh wait.
Click to expand...
The website is an image link to visually help people find where it's written on different models. The util is for maintaining drivers, firmware and recovering the OS. Yeah, exactly the same thing.
 
Puiu said:
There's an utility for this
Click to expand...

Hello! "utility" is pronounced YOUtility, so it doesn't need "an", just "a". "an" is not used for vowels in the spelling of the next word, it's for vowels in the pronunciation of the next work. Hence, "an MC" (pronounced EMc), an M.A. (pronounced EM.A.) etc.

Hope that helps!

-a very bored English teacher.
 
  • Like
Reactions: Reehahs and itgerald
poohbear said:
Hello! "utility" is pronounced YOUtility, so it doesn't need "an", just "a". "an" is not used for vowels in the spelling of the next word, it's for vowels in the pronunciation of the next work. Hence, "an MC" (pronounced EMc), an M.A. (pronounced EM.A.) etc.

Hope that helps!

-a very bored English teacher.
Click to expand...
Sorry sir, I probably also write with an east european accent :)

I'll try my best to get better at English.
 
  • Like
Reactions: Fox God Records
duckofdeath said:
The website is an image link to visually help people find where it's written on different models. The util is for maintaining drivers, firmware and recovering the OS. Yeah, exactly the same thing.
Click to expand...
Still, it's bloatware that nobody wants. It's software that is added on top of a clean install that does absolutely nothing.

Want OS recovery? Windows already has that. Want driver updates? Nobody uses the dell application for that. Firmware updates? The website is used for that. Is your laptop broken? You will call Dell, look online for an answer or take your laptop to a repair center if you can't open it anymore
 
Puiu said:
Still, it's bloatware that nobody wants. It's software that is added on top of a clean install that does absolutely nothing.

Want OS recovery? Windows already has that. Want driver updates? Nobody uses the dell application for that. Firmware updates? The website is used for that. Is your laptop broken? You will call Dell, look online for an answer or take your laptop to a repair center if you can't open it anymore
Click to expand...
I've worked in tech for decades. The util is there to streamline support. If the util gives a thumbs up on your software and firmware the company's tech support knows they can go ahead and troubleshoot issues. It works, because 99% of home users calling in to tech support are pathological liars about what they've done.
 
poohbear said:
Hello! "utility" is pronounced YOUtility, so it doesn't need "an", just "a". "an" is not used for vowels in the spelling of the next word, it's for vowels in the pronunciation of the next work. Hence, "an MC" (pronounced EMc), an M.A. (pronounced EM.A.) etc.

Hope that helps!

-a very bored English teacher.
Click to expand...
It was useful for me, because at last I understand why I must write: "an" apple and "a" university, and... "an" ugly cat. Thanks!
 
duckofdeath said:
I've worked in tech for decades. The util is there to streamline support. If the util gives a thumbs up on your software and firmware the company's tech support knows they can go ahead and troubleshoot issues. It works, because 99% of home users calling in to tech support are pathological liars about what they've done.
Click to expand...
Yeah... no. "99%" of them are not liars, they're just not tech savvy and those apps will never be used by them. And the rest 1% that do know how to use them, know better.

I find it very hard to believe that you "worked" in the tech industry, because if you did you would know that.
 
Puiu said:
Yeah... no. "99%" of them are not liars, they're just not tech savvy and those apps will never be used by them. And the rest 1% that do know how to use them, know better.

I find it very hard to believe that you "worked" in the tech industry, because if you did you would know that.
Click to expand...
The 99% are liars point is exactly that they are either not tech savvy or just plain lazy. I have worked with tech support, I know exactly how people tries to avoid having to call back. It's human nature to use a little white lie to think you're getting something fixed quicker.
I find it hard to believe you're serious at the moment.
 
duckofdeath said:
The 99% are liars point is exactly that they are either not tech savvy or just plain lazy. I have worked with tech support, I know exactly how people tries to avoid having to call back. It's human nature to use a little white lie to think you're getting something fixed quicker.
I find it hard to believe you're serious at the moment.
Click to expand...
Yes, I am very serious. You are trying to call bloatware necessary because of support and then call people who use said support liars. The majority of the applications have nothing to do with support anyway.
 
Puiu said:
Yes, I am very serious. You are trying to call bloatware necessary because of support and then call people who use said support liars. The majority of the applications have nothing to do with support anyway.
Click to expand...
You're literally being the stereotype right now that these utils were made to help. Yes, help you. Because you refuse to accept that someone else knows simple things you don't.
 
poohbear said:
Hello! "utility" is pronounced YOUtility, so it doesn't need "an", just "a". "an" is not used for vowels in the spelling of the next word, it's for vowels in the pronunciation of the next work. Hence, "an MC" (pronounced EMc), an M.A. (pronounced EM.A.) etc.

Hope that helps!

-a very bored English teacher.
Click to expand...

If one wishes to be perceived as pompous and supremely cultured, one does. For additional pomposity, One also utilizes 'one' when discussing other people's actions.

It is similar to saying, "An History Major."

Though, on the whole, you and I are in agreement. However, the defining point remains: What is your position regarding the Oxford comma?
 
duckofdeath said:
You're literally being the stereotype right now that these utils were made to help. Yes, help you. Because you refuse to accept that someone else knows simple things you don't.
Click to expand...
And yet they're called Bloatware by everyone, even professionals. The intention doesn't matter, it's the result. As much as you want to convince others that they're there to be "useful", the reality is that they're not helpful at all.
 
Puiu said:
And yet they're called Bloatware by everyone, even professionals. The intention doesn't matter, it's the result. As much as you want to convince others that they're there to be "useful", the reality is that they're not helpful at all.
Click to expand...
God, you're now defining EVERYTHING as bloatware. Do you even think before you press submit?
 
duckofdeath said:
God, you're now defining EVERYTHING as bloatware. Do you even think before you press submit?
Click to expand...
Yes. Any unsolicited software installed by OEMs on top of a clean windows is considered bloatware. It's generally software that is very poorly written, eat up system resources and have bugs/security issues.

Did you know that there are OEMs that actually don't install such software and use it as a plus in their marketing? :)

You can try to tell me that I'm wrong, but that's reality, GOD has nothing to do with it. Here's a nice tip that absolutely everybody uses: do you want your PC/laptop to run better? Remove the bloatware.
 
Last edited:
You must log in or register to reply here.

Similar threads

midian182
Government review criticizes Microsoft for security lapses in "preventable" Exchange hack
Replies
0
Views
76
midian182
midian182
midian182
Despite increasing to $16.8 million, Intel CEO Pat Gelsinger's compensation still pales in comparison to AMD's Lisa Su
Replies
9
Views
172
Silkaura
S
midian182
TSMC to receive $11.6 billion from US under CHIPS Act, will build third Arizona plant
Replies
9
Views
122
Starscream07
Starscream07

Latest posts

Back