Dell Windows drivers still vulnerable to kernel attacks


Level 78
Thread author
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
Users of Dell systems are still at risk of having their Windows systems compromised via Dell drivers through kernel attacks. The problem was supposed to be fixed by updates as early as May 2021. However, security researchers from Rapid7 are now sounding the alarm that these security updates have not closed all vulnerabilities. True, administrator privileges are required to install the drivers. But it looks like this approach is being used by cyber gangs for attacks. However, there are countermeasures in the business environment.
Response from Dell:
After careful consideration with the product team, we have classified this issue as a vulnerability rather than a security risk because a certain privilege level is required to perform an attack. This is consistent with the guidance provided in the Windows driver model. We do not intend to publish a security advisory or issue a CVE on this issue.
It is true that driver installation requires administrator privileges. But then an attacker can also attack the kernel via the driver and possibly install root kits, etc. The countermeasure would be to block the installation of the drivers in question via Driver block rules – but Dell drivers are not currently on the list (Dell is working with Microsoft on this, though). Those who have the option to enable Hypervisor-Protected Code Integrity (HVCI) should definitely do so. Furthermore, Secure Boot should at least be enabled.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.