Data security training specialists have revealed the finding of a critical Realtek vulnerability in multiple Dell laptop models; affected models include Dell XPS, Inspiron, Latitude, Precision and Vostro. Other laptop models could be also exposed.
The vulnerability, tracked as CVE-2019-19705, received a high (unspecified) score according to the scale of the Common Vulnerability Scoring System (CVSS), so it is considered a critical severity error.
In case you have forgotten, Realtek is a media player developed for computers with Microsoft Windows operating system and packaged with AC97 audio device drivers.
The flaw could be found in business, industrial, and utility environments, as well as personal devices. A full report on vulnerable versions and their respective updates is available online. According to data security training experts, users interested in the complete lists of Dell equipment affected can find them below.
- Inspiron 3465
- Inspiron 3467
- Inspiron 3476
- Inspiron 3565
- Inspiron 3567
- Inspiron 3576
- Inspiron 5370
- Inspiron 5466
- Inspiron 5468
- Inspiron 5488
- Inspiron 5565
- Inspiron 5567
- Inspiron 5570
- Inspiron 5575
- Inspiron 5765
- Inspiron 5767
- Inspiron 5770
- Inspiron 5775
- Inspiron 7467
- Inspiron 7472
- Inspiron 7567
- Inspiron 7572
- Latitude 3390 2-IN-1
- Latitude 3480
- Latitude 3490
- Latitude 3580
- Latitude 3590
- Latitude 5280
- Latitude 5285
- Latitude 5289
- Latitude 5290
- Latitude 5290 2-IN-1
- Latitude 5480
- Latitude 5490
- Latitude 5580
- Latitude 5590
- Latitude 7212
- Latitude 7280
- Latitude 7285
- Latitude 7290
- Latitude 7380
- Latitude 7389
- Latitude 7390
- Latitude 7390 2-in-1
- Latitude 7480
- Latitude 7490
- Optiplex 5250 AIO
- Optiplex 7450 AIO
- Precision 3520
- Precision 5520
- Precision 5820 TOWER
- Precision 5820 XL TOWER
- Precision 7520
- Precision 7720
- Precision 7820 TOWER
- Precision 7820 XL TOWER
- Precision 7920 TOWER
- Precision 7920 XL TOWER
- Vostro desktop 24 5460
- Vostro notebook 3468
- Vostro notebook 3478
- Vostro notebook 3568
- Vostro notebook 3578
- Vostro notebook 5370
- Vostro notebook 5468
- Vostro notebook 5471
- Vostro notebook 5568
- XPS notebook 9360
- XPS notebook 9370
- Xps notebook 9560
Neither Realtek nor Dell have provided further technical details about the flaw, although this could change as soon as the affected companies consider that the risk of exploitation in the wild has already been mitigated.
So far, there are no workarounds to fix this vulnerability, so users are strongly advised to stay on top of the release and availability of the respective updates, data security training specialists mentioned.
In addition, customers can use one of Dell’s notification solutions to receive notifications and automatically download driver, BIOS, and firmware security updates once they become available.
For more details on severity ratings, potentially exposed computer administrators can refer to the company’s Vulnerability Response Policy. Dell emphasizes that all users should consider the scores that the vulnerability may receive are still variable, as no additional factors have been considered for particular cases.
Dell also recommends that all users determine the applicability of this information to their individual situations and take appropriate action to protect their equipments. The information set forth in the company’s reports is provided as presented by Dell Security Teams.
For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.