Owners of Dell computers, specifically all the models manufactured from 2009 to this year, should take heed of Dell’s latest security advisory update. It describes a high-impact vulnerability that could allow “escalation of privileges, denial of service, or information disclosure.”
The vulnerability is caused by the dbutil_2_3.sys driver, which is used by Dell for firmware updates needed by Dell Command Update, Alienware Update, Dell System Inventory Agent, and Dell Platform Tags.
Through the advisory update, which also lists the affected models (Inspiron, Latitude, OptiPlex, etc.), Dell has provided several means for affected users to address the vulnerability. There is, for instance, an upcoming fix via Windows Update that users only need to download and let the operating system fix the problem automatically. This option, however, won’t be available at least until May 10.
Alternatively, the advisory update also has provided steps to manually remove the dbutil_2_3.sys driver.
Dell has provided additional information regarding the dbutil vulnerability thru this FAQs page. It states that only Dell owners running Windows may be affected, and only if they have applied certain firmware updates and used the aforementioned first-party software.