Dell computers put at risk

Topic

New Reply

So today’s headline that I wrote above is one that I see too often. It gets you to be worried about something that I honestly don’t think attackers wi
[See the full post at: Dell computers put at risk]

Susan Bradley Patch Lady/Prudent patcher

4 users thanked author for this post.

JohnW, lurks about, petero, jburk07

Reply | Quote

Replies

Also @Microfix post from 5/4 at https://www.askwoody.com/forums/topic/dells-bells-on-horseback/

3 users thanked author for this post.

Kirsty, jburk07, Susan Bradley

Reply | Quote

Just because there is a possibility of attack doesn’t mean it is probable that it’s being attacked.

Prevention, corrective positive action is ALWAYS better than cure.

As always, feel free to disagree with me and educate me that I’m in the wrong. That’s what security is all about anyway ….weighing the risks and trying to determine if THAT is going to get me or if it’s just headlines to make me worry.

What of those clients out there who rely on IT Pros/Contractors who dismiss the possibility? Can you afford NOT to take it seriously?

“Distrust and caution are the parents of security” – Benjamin Franklin

Windows - commercial by definition and now function...

Reply | Quote

I’d rather those professional focus on two factor authentication, stop using vulnerable vpn and RDP access.  If they haven’t upped the protection on email, or encouraged the use of MFA, they have bigger holes to fix first.

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

Alex5723

Reply | Quote

I tend to agree with you on this issue Susan. I have a Dell.  I cannot find the offending dbutil files. I think that means they aren’t on my machine.  I tried to update the BIOS yesterday, just to be sure, but it didn’t work!! I don’t know what happened, I ran the BIOS.exe, looked away for a minute and when I came back the machine had booted (too quickly for a BIOS update) and I thought, huh, that is not good. Sure enough, BIOS is not updated. I’ve never had this happen b4 with a BIOS update, but I’m typing to you on the laptop right now. I’ll try again later.

I think one’s level of concern depends on one’s level of fear and paranoia with online security – I’m saying this from the perspective of someone who is fairly paranoid about it.  I try very hard to protect myself and my family.  I cannot worry about everything – when everything is a priority nothing is a priority. One must choose their battles and I will fight this one on the malware/phishing front! : )

Sometimes when reading the headlines (any headline actually), you can get yourself all worked up over nothing major.  We have to be more discerning.

Reply | Quote

All of these firmware/rootkit headlines make me ponder… gee… why is it that attackers use phishing lures so much? Because that’s the low hanging fruit. It’s not easy to attack us to go after Spectre style attacks.

This is true. Rather than using a complicated browser zero-day or a Spectre attack, attackers often phish. But after they phish and get a foothold in your system, they will use vulnerabilities like this one from Dell to gain more permissions and persistence.

Reply | Quote

Not any of my Dells are at risk (and not just because they don’t have Windows on them)!

I use the “BIOS” (actually UEFI, but Dell calls it BIOS, since that’s what people are familiar with) utility rather than running the executable from the OS for firmware updates, so the driver never gets installed as part of the update process. I did it that way when I used Windows too (though that was also before I had any Dell machines).

Linux also has the ability to update firmware from within the OS, though with less OEM support than Windows, but I’d just as soon skip that and do it from the UEFI. It’s going to end up there anyway to finish the process, so why not skip the extra stuff and just do it all there?

The Dell firmware comes packaged in a Windows .exe, but that .exe can be used as-is from the UEFI firmware updater too. The drive has to be a FAT formatted one for the UEFI to be able to find the firmware file, so I stick it in a subfolder in the ESP, which has the needed FAT format.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Reply | Quote

I got a Dell firmware update a few days ago, after a long hiatus, on my Ubuntu computer.

I wondered what it was for. Now I know.

Thanks.

Reply | Quote

I also received an update from Dell for my Dimension 8900 a few days ago, which definitely included an update for the “BIOS.” Actually, I read about this issue a couple of days ago, but did not get around to reporting it here. Nonetheless, I plan to check manually for updates for the next few days–past the “by May 10” Dell fix promise date. (I’m too lazy to check out the status of the culprit file.)

Reply | Quote

But WHY would you need a BIOS update to remove a dll…?

1 user thanked author for this post.

Ascaris

Reply | Quote

People seem to be misunderstanding this issue. The problem is with a .dll in the Dell software to install the firmware update in Windows. There is no problem with the firmware itself. So if you did not install any firmware update from Windows, the .dll should not exist on your system, even if you installed the firmware from outside of Windows.

The Dell system setup in the UEFI (“BIOS” as they call it, but technically that’s not correct), which is started in my Dell laptops by pressing F2 during POST, includes a firmware update utility, so you can install firmware updates with no OS involvement at all. If you did that, the errant .dll would not be installed on your PC. That .dll is only necessary to install the firmware update from within Windows.

If you received the firmware update via Windows Update… well, I don’t know if it uses that .dll or not.

If you received the firmware update from Linux (any distro), you need not worry, as it does not use the Dell software with the vulnerability to perform the update.

If the .dll does exist on your PC, you can get rid of (delete) it… the firmware is already installed (flashed), so you no longer need the .dll. If a new firmware is released in the future, it will contain its own copy of the .dll, and by that time it will presumably be the updated version.

If you use a file search utility, you can search the entire hard drive for the file. I recommend the program “Everything,” as it instantly finds, as it says on the tin, everything. It’s the gold standard of file search, and it was one of the essential tools I did not want to do without in Windows.

As for Windows search itself… you know, I have no idea if that would find it or not. I’ve heard lots of people complain it fails to find files that are present, and since I never really used Windows search in any OS past Windows XP, I don’t know if it will find it. From 7 on, I used either Everything or the Classic Shell search from the new start menu, which was quite effective too (but not as fast as Everything).

If it searches the whole hard drive (or SSD) and does not find the file, you’re good. If it does find it, there should be no problem at all with simply deleting it.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Reply | Quote

.dll or .sys, same deal. I guess it’s actually a .sys, but that does not matter for the purpose of this issue.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Reply | Quote

It’s pretty shocking that Dell are not proposing a proper solution for this for Windows 7 and 8 until the end of July. Even Windows 10 isn’t immediate.

Reply | Quote

This seems to be yet another case where “keeping it minimal” also helps “keep it safe”. I don’t have dbutil_2_3.sys on my Dell Precision 7820. Why not? Because I reinstalled the OS without all that extra Dell and other junkware that I judged to provide no or minimal value.

Gee, if we cede control of our systems to someone else, that someone might make a mistake and make us vulnerable. This is just common sense. And the unacknowledged elephant in the room: Who says the update is any better? It might just expose different vulnerabilities! And a baby elephant as a bonus: Don’t be driven by fear of vulnerability!

Repeat after me: More software is not better.

Now, am >I< incapable of making a mistake in managing my own systems? Certainly not. I’m under no misconception that I am perfect. But I can also control how smart I can become about system management.

All the “advancements” in computing for just about the last 10 years now have been nearly exclusively about cloud integration and bringing about “as a service” types of software. What has this done for us?

But alas, no one making decisions about what to push on us really cares what we think here. We will never return to the saner model, more deliberate model of computing that saw a golden age come and go.

Over on the side of my desk I have a workstation, dark and quiet now, that ran a trimmed-down and cloud-stripped Win 8.1 perfectly and efficiently and securely for years (and what I mean by that is that it went years without needing a reboot even with daily hard use). But it now is “obsolete” for no other reason than everyone decided it was better for them if we moved on to Win 10. Now my newer Win 10 system – which does really nothing more or better or faster than the older one, has over 100 more processes running. And that’s after I tuned it up. What could possibly go wrong go wrong go wrong go wrong with this computing model?

-Noel

9 users thanked author for this post.

Perq, AngryJohnny75, AlexEiffel, Melvin, wavy, dmt_3904, AlphaCharlie, jburk07, Mele20

Reply | Quote

Noel Carboni wrote:

We will never return to the saner model, more deliberate model of computing that saw a golden age come and go.

Oh, I don’t know! When the cloud stops being new and exciting (it’s neither, but I am talking about in the minds of the marketers), they will have to find some other thing to be new and exciting, and so the decentralized model would rise again. There’s nothing new about the centralized model… it’s actually the oldest kind. Personal computers were the revolutionary disruptive technology that ended the mainframe era. But in time, those became the status quo, so we had the “thin client” attempt to bring back the centralized schema, which didn’t really take root.

Now they named the decentralized model something else and are giving it another shot, and Nadella is trying to cram a star-shaped peg in a round hole (with both holes having the same surface area) by trying to recast an operating system as a cloud service. I know it’s hip and trendy, but an OS is not a cloud service. It’s an OS. The cloud service is way up there toward the top of the stack, not down here with the bare metal.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Reply | Quote

Microsoft should stop pushing ‘the cloud’ in a desperate way (no other words for it) to its customers. Windows users are mostly traditional users not interested in cloud integration that artificially pops up everywhere. Even the Windows development team somehow seems to understand that. Finally they switched Edge to the Chrome engine. And thus one can ‘install’ web-apps IN this browser, the place where they belong.

If you want to offer users of an OS (near) Cloud-only experience, you have to built a very slick and limited OS that simply runs a modern browser in which you arrange ‘everything’. Sounds familiar? Indeed: Chrome OS. Home users and schools love these things because of the simplicity, manageability and efficiency. Windows will NEVER become a cloud OS, it’s way too complex for that. Containing ancient components connected with artificially make-do macGyver-style connected web components. Of course that creates problems, huge problems sometimes.

It’s only Microsoft that tries to forcefully pushes ‘the web’ into their OS. Apple and Linux/Unix don’t do that, besides some options to use cloud storage. They do support -of course – web services- and apps, but simply via the browser. That approach guarantees stability and – above all – security. With the introduction of 10, Windows became an untamable and unmanageable beast. Customers do realize that all so well, and will slowly but surely leave the sinking ship. Which wouldn’t have been necessary at all.

1 user thanked author for this post.

Cybertooth

Reply | Quote

Just received the update through Dell Update to remove the dbutil_2_3.sys driver on my WIN 10 Inspiron 3880 PC.  7.9MB file. No problems on the uninstall or after.

Reply | Quote

My Dell system doesn’t have  dbutil_2_3.sys (did a search on the whole SSD drive).  I did the firmware updates outside the OS, which is most likely why it’s not there.

1 user thanked author for this post.

Ascaris

Reply | Quote

“All the “advancements” in computing for just about the last 10 years now have been nearly exclusively about cloud integration and bringing about “as a service” types of software. What has this done for us?”

Not much good, if any good. XP was the last great OS. I’ve had Dells since I got my first computer in my mid 50’s in 1999. You are right, the number of processes running on Windows 10 compared to XP Pro and 98SE (which was actually a good OS) is mind boggling.

All these threads here (and elsewhere) on Dell BIOS updates have me scratching my head. When did users decide they had to update the BIOS on a “regular” basis determined by the hardware manufacturer? I was taught to NEVER update the BIOS unless there was some emergency during the life of the computer. I still adhere to that rule. Plus, I have always, with each new Dell XPS, immediately gotten rid of the Dell crapola. (I purchase 4-5 years of Dell Small Business extended warranty so if I do have to call Dell with a hardware problem, I end up having to put the Dell crapola on the computer for the phone tech but I get rid of it as soon as I can).

Thus, I wasn’t really aware of this frequent update of BIOS that Dell is pushing. I think it sad Dell has stooped to this and my opinion of Dell is lower because of this. I have a Dell XPS (these are all desktops…I have no laptops) 8500 running Windows 8.0 Pro (not 8.1 as at the time I was shocked at the large increase of processes if I moved to 8.1). It’s 8.5 years old and just died (that’s old for one on the ocean with no air conditioning and open windows all the time). I liked it better than the newer Dell 8930 with Windows 10 Pro on my current machine. I flashed the BIOS ONCE on it in all those years and never on my current 3.5 year old Dell XPS. So, I don’t have that driver with the current vulnerability and I do not understand why users listen to Dell since Dell is evidently pushing useless yet possibly dangerous frequent BIOS updates. Even if some of the reason is Intel updates that is pitiful and sad. We haven’t come very far in all these years of computing.

Reply | Quote

The system “BIOS” or firmware is software, and it needs updates for the same reasons. Bugs are found, security vulnerabilities uncovered, all of that stuff. I updated my Dell XPS (a month old) twice already, as I wanted the changes they contained. The latest, 2.2.1, had a new set of tuning parameters for the fans and CPU passive cooling, and it did bring about a noticeable improvement.

If Dell or any other OEM thinks it is worth it to offer an update and to advise me to make use of it, I certainly am willing to consider that. It does not mean I will just automatically install it, though. My Dell G3 firmware is 3 versions “out of date” by Dell standards, but they removed an important feature as a brute force way of cheaply correcting a security issue that does not affect me, so I keep the one that meets my needs better.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

Alex5723

Reply | Quote

The problem was the move from a cold, utilitarian BIOS to the current UEFI standard, which makes the boot environment its own miniature operating system, complete with all the possibilities for vulnerabilities you’d expect.

I’d usually recommend regular UEFI updates for that reason alone, even though most companies are still referring to it as BIOS.

I agree though, back in the day I’d never update the BIOS unless there was dire need.

My personal favorite feature in modern-day UEFI boot environments is the addition of what they call the “developer rootkit” which allows the UEFI motherboard manufacturer to install software directly into the OS at boot time.  Good motherboards allow you to disable this, but good luck finding it, since it’s called something different in every device.

It seems these days the price of progress is regression.

Reply | Quote

The boot environment was always it’s own mini operating system, hence rootkits.
UEFI added the ability to prevent rootkits via “secure boot”, but more importantly, it removed the requirement to have the OS boot loader in a specific location on a specific disk. Now you can have any sort of disk with a basic file system to boot the OS.

anonymous wrote:

addition of what they call the “developer rootkit”

What is this and why is it bad? References please.

cheers, Paul

Reply | Quote

“I don’t have dbutil_2_3.sys”

Noel, in what folder would one check to see if one has that file; and if found, why not just delete it?

Thanks, cma

Reply | Quote

I searched for the .sys file on c: drive on my Dell pc; file was not found even though I have used Dell Update. I have not made the suggested bios update.

There are details from Dell on this file providing ways to remedy the problem. One method was to delete the file per its instructions as follows:

• <b>Option 2: </b>Manually remove the vulnerable dbutil_2_3.sys driver:

<b>Step A:</b> Check the following locations for the dbutil_2_3.sys driver file

• C:\Users\<username>\AppData\Local\Temp
• C:\Windows\Temp

<b>Step B:</b> Select the dbutil_2_3.sys file and hold down the SHIFT key while pressing the DELETE key to permanently delete.

Hope this helps.

 

Reply | Quote

I saw the headlines a few days ago and immediately started worrying. My device is listed as vulnerable, but it is also considered “out of date” and will not be receiving any updates as a result. Luckily, the offending file is not on my system. And after further reading, I saw how unlikely it was to be affected.

Susan is absolutely right, these headlines are far to common and designed to produce (usually  unnecessary) panic and promote clicks.

Reply | Quote

My take is to be aware of security issues that are circulating and whenever possible fix those that affect me. But I think the bigger problem is not some BIOS issue but social engineering attacks with/without malware. Many of the issues breathlessly hyped are not something that are going to be used against a random person. If they are used, they will be used against more lucrative targets.

Social engineering only requires one to have a bad day; something we all have.

I put the Dell issue in the category of fix it when convenient in the next few weeks if it affects you. Also, pay attention if there are reliable reports of it being actively used.

Reply | Quote

It’s amazing how many breathless exploit headlines have the fine print attached that no remote exploits are actually possible, as they often require an attacker to be local, such as with an attack involving an escalation of privilege.

I file those away as ‘click-bait’, but keep skimming the headlines anyway, because I wish to be informed about security issues that might be of concern for me.

Windows 10 Pro 22H2

Reply | Quote

I try to end up with a clean install of Windows 10 and have installed only what I absolutely need on a regular basis. Seems like the more you have installed the higher the risk of something having security flaws. Bad enough to have to deal with all the Windows BS updates.

Reply | Quote

anonymous wrote:

Seems like the more you have installed the higher the risk of something having security flaws.

That is true. The more stuff you have installed, the more attack surface there is for some bad guy to try to take advantage of. On the other hand, though, a lot of the stuff you hear about is more hypothetically risky than practically so. This Dell issue is one of them… I can’t see how it’s a major issue even if it does have the flaw indicated, and you can sidestep that by installing the Dell “BIOS” (actually UEFI for all models newer than about ten years) updates from outside of Windows. The errant driver never gets installed in that case.

Security is a real concern, but if you make it the only one, you’ll never get anything done. The only 100% secure PC is one that’s turned off (and even then someone can probably come up with some weird edge case where it’s not necessarily so), but it’s not very useful. Install the programs you need, be reasonably cautious, and take action if there is an actual (realistic) threat discovered in some program you use… but also keep things in perspective. Things like this are just information for us to consider, not a call for alarm. This particular one is not likely to be exploited in the wild. It’s a sign that the good guys are out there doing their thing too, looking for flaws and reporting them so they can be mitigated or fixed. It’s the unknown ones that are the most dangerous.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

NaNoNyMouse

Reply | Quote

Owners of Dell systems can also stay up-to-date on security issues by referring to https://www.dell.com/support/security/en-us

1 user thanked author for this post.

Perq

Reply | Quote

Ran Malwarebytes scan on my Dell XPS8700 Win7 64 this morning. It considered dbutil_2_3.sys a threat and quarantined it. See image.

Reply | Quote