Dell has released a patch that fixes several security holes in its DBUtil BIOS driver after a security researcher discovered that the driver in question could be misused by an attacker to gain elevated system privileges.
The vulnerable driver was first spotted by SentinelLabs security researcher Kasif Dekel, and the team shared its findings with the PC giant back in December last year. According to the US-based cybersecurity firm, the driver has been vulnerable since 2009, although there is currently no evidence that his shortcomings have been exploited in the wild.
The DBUtil BIOS driver is preinstalled on many Dell laptops and desktops running Windows and is responsible for Dell firmware updates through the Dell BIOS utility. It is estimated that hundreds of millions of the company’s devices received the vulnerable driver through BIOS updates.
Five different flaws
After a closer examination of the DBUtil driver, Dekel discovered a collection of five bugs that are currently being tracked as