Dell issues high-priority security patch for hundreds of machines dating back to 2009

Polycount

Posts: 2,850   +575
Staff member
What just happened? If you thought your aging Dell laptop was safe from modern malware or hacking exploits, think again. Dell has just released a retroactive, high-priority software patch for hundreds of its machines, some of which have initial releases dating back to 2009.

The patch addresses an "insufficient access control vulnerability" present in the dbutil_2_3.sys driver, which can be found on Windows-equipped Dell systems with user-installed firmware update packages. Not all Dell machines are affected, but many are; 380, to be precise.

Impacted machines range from Dell's Latitude line-up to its Inspirons and even its G-series gaming notebooks. The vulnerability would allow someone with access to the machine (which could be obtained through malware) to escalate privileges and obtain kernel-level permissions.

You can find a full list of affected machines on Dell's website -- it's too expansive for us to list here. If one of your machines is on that list, your first priority should be to remove the offending driver from your system.

There are three primary ways to do this. First, you can download and run the DSA-2021-088 utility, which will automate the process for you -- we'd recommend this for most people. Alternatively, you can check the C:\Users\\AppData\Local\Temp and C:\Windows\Temp directories on your system to see if the driver is visible. If it is, select the file, hold down Shift, and then press the Delete key on your keyboard.

The final method involves using one of Dell's notification solutions (such as Dell Command, Dell Update, or Dell SupportAssist) to automatically apply the patch. This is the most convenient option (and the one that requires the least technical knowledge), but Dell's notification solutions won't support the DSA-2021-088 utility until May 10, 2021.

Once you've removed the vulnerable driver, update your device's firmware at your earliest convenience to get a "remediated" version of the file. Dell's notification solutions will work for this as well.

And that's just about it! If you've removed the driver and subsequently updated your device, you should be good to go. Hopefully, most people patch their machines before too much damage can be done.

Image credit: Monitcello, Nor Gal

Permalink to story.

 

Puiu

Posts: 4,601   +3,446
TechSpot Elite
This isn't bloatware, though. It's a utility to help you get support when you have issues.
Yeah, the definition of bloatware. There's an utility for this, for that, for everything. Nobody wants them and nobody uses them.

here's a list of a few utilities that come preinstalled (not sure if all have them): Dell Customer Connect, Dell Foundation Services, Dell Digital Delivery Service, Dell Update Service, Dell Help and Support, Product Registration, Dell SupportAssist
 
Last edited:

Theinsanegamer

Posts: 2,452   +3,610
This isn't bloatware, though. It's a utility to help you get support when you have issues.
You know dell has a website to do the same thing, right? Why would I want bloatware running in the background to do the same thing? I mean it could have a vulnerability that could be exploited.......oh wait.
 

duckofdeath

Posts: 377   +481
You know dell has a website to do the same thing, right? Why would I want bloatware running in the background to do the same thing? I mean it could have a vulnerability that could be exploited.......oh wait.
The website is an image link to visually help people find where it's written on different models. The util is for maintaining drivers, firmware and recovering the OS. Yeah, exactly the same thing.
 

poohbear

Posts: 630   +548
There's an utility for this

Hello! "utility" is pronounced YOUtility, so it doesn't need "an", just "a". "an" is not used for vowels in the spelling of the next word, it's for vowels in the pronunciation of the next work. Hence, "an MC" (pronounced EMc), an M.A. (pronounced EM.A.) etc.

Hope that helps!

-a very bored English teacher.
 

Puiu

Posts: 4,601   +3,446
TechSpot Elite
Hello! "utility" is pronounced YOUtility, so it doesn't need "an", just "a". "an" is not used for vowels in the spelling of the next word, it's for vowels in the pronunciation of the next work. Hence, "an MC" (pronounced EMc), an M.A. (pronounced EM.A.) etc.

Hope that helps!

-a very bored English teacher.
Sorry sir, I probably also write with an east european accent :)

I'll try my best to get better at English.
 

Puiu

Posts: 4,601   +3,446
TechSpot Elite
The website is an image link to visually help people find where it's written on different models. The util is for maintaining drivers, firmware and recovering the OS. Yeah, exactly the same thing.
Still, it's bloatware that nobody wants. It's software that is added on top of a clean install that does absolutely nothing.

Want OS recovery? Windows already has that. Want driver updates? Nobody uses the dell application for that. Firmware updates? The website is used for that. Is your laptop broken? You will call Dell, look online for an answer or take your laptop to a repair center if you can't open it anymore
 

duckofdeath

Posts: 377   +481
Still, it's bloatware that nobody wants. It's software that is added on top of a clean install that does absolutely nothing.

Want OS recovery? Windows already has that. Want driver updates? Nobody uses the dell application for that. Firmware updates? The website is used for that. Is your laptop broken? You will call Dell, look online for an answer or take your laptop to a repair center if you can't open it anymore
I've worked in tech for decades. The util is there to streamline support. If the util gives a thumbs up on your software and firmware the company's tech support knows they can go ahead and troubleshoot issues. It works, because 99% of home users calling in to tech support are pathological liars about what they've done.
 

Geralt

Posts: 294   +353
TechSpot Elite
Hello! "utility" is pronounced YOUtility, so it doesn't need "an", just "a". "an" is not used for vowels in the spelling of the next word, it's for vowels in the pronunciation of the next work. Hence, "an MC" (pronounced EMc), an M.A. (pronounced EM.A.) etc.

Hope that helps!

-a very bored English teacher.
It was useful for me, because at last I understand why I must write: "an" apple and "a" university, and... "an" ugly cat. Thanks!
 

Puiu

Posts: 4,601   +3,446
TechSpot Elite
I've worked in tech for decades. The util is there to streamline support. If the util gives a thumbs up on your software and firmware the company's tech support knows they can go ahead and troubleshoot issues. It works, because 99% of home users calling in to tech support are pathological liars about what they've done.
Yeah... no. "99%" of them are not liars, they're just not tech savvy and those apps will never be used by them. And the rest 1% that do know how to use them, know better.

I find it very hard to believe that you "worked" in the tech industry, because if you did you would know that.
 

duckofdeath

Posts: 377   +481
Yeah... no. "99%" of them are not liars, they're just not tech savvy and those apps will never be used by them. And the rest 1% that do know how to use them, know better.

I find it very hard to believe that you "worked" in the tech industry, because if you did you would know that.
The 99% are liars point is exactly that they are either not tech savvy or just plain lazy. I have worked with tech support, I know exactly how people tries to avoid having to call back. It's human nature to use a little white lie to think you're getting something fixed quicker.
I find it hard to believe you're serious at the moment.
 

Puiu

Posts: 4,601   +3,446
TechSpot Elite
The 99% are liars point is exactly that they are either not tech savvy or just plain lazy. I have worked with tech support, I know exactly how people tries to avoid having to call back. It's human nature to use a little white lie to think you're getting something fixed quicker.
I find it hard to believe you're serious at the moment.
Yes, I am very serious. You are trying to call bloatware necessary because of support and then call people who use said support liars. The majority of the applications have nothing to do with support anyway.
 

duckofdeath

Posts: 377   +481
Yes, I am very serious. You are trying to call bloatware necessary because of support and then call people who use said support liars. The majority of the applications have nothing to do with support anyway.
You're literally being the stereotype right now that these utils were made to help. Yes, help you. Because you refuse to accept that someone else knows simple things you don't.
 

Fox God Records

Posts: 55   +38
Hello! "utility" is pronounced YOUtility, so it doesn't need "an", just "a". "an" is not used for vowels in the spelling of the next word, it's for vowels in the pronunciation of the next work. Hence, "an MC" (pronounced EMc), an M.A. (pronounced EM.A.) etc.

Hope that helps!

-a very bored English teacher.

If one wishes to be perceived as pompous and supremely cultured, one does. For additional pomposity, One also utilizes 'one' when discussing other people's actions.

It is similar to saying, "An History Major."

Though, on the whole, you and I are in agreement. However, the defining point remains: What is your position regarding the Oxford comma?
 

Puiu

Posts: 4,601   +3,446
TechSpot Elite
You're literally being the stereotype right now that these utils were made to help. Yes, help you. Because you refuse to accept that someone else knows simple things you don't.
And yet they're called Bloatware by everyone, even professionals. The intention doesn't matter, it's the result. As much as you want to convince others that they're there to be "useful", the reality is that they're not helpful at all.
 

duckofdeath

Posts: 377   +481
And yet they're called Bloatware by everyone, even professionals. The intention doesn't matter, it's the result. As much as you want to convince others that they're there to be "useful", the reality is that they're not helpful at all.
God, you're now defining EVERYTHING as bloatware. Do you even think before you press submit?
 

Puiu

Posts: 4,601   +3,446
TechSpot Elite
God, you're now defining EVERYTHING as bloatware. Do you even think before you press submit?
Yes. Any unsolicited software installed by OEMs on top of a clean windows is considered bloatware. It's generally software that is very poorly written, eat up system resources and have bugs/security issues.

Did you know that there are OEMs that actually don't install such software and use it as a plus in their marketing? :)

You can try to tell me that I'm wrong, but that's reality, GOD has nothing to do with it. Here's a nice tip that absolutely everybody uses: do you want your PC/laptop to run better? Remove the bloatware.
 
Last edited: