The Register reports there are no signs of exploitation in the wild -- but this will likely not take long:
"While we haven’t seen any indicators that these vulnerabilities have been exploited in the wild up till now, with hundreds of millions of enterprises and users currently vulnerable, it is inevitable that attackers will seek out those that do not take the appropriate action," warned Kasif Dekel, a senior security researcher at SentinelOne who helped find the holes.
Driver fails to perform authorization check

The five bugs were found in Dell's dbutil_2_3.sys driver, a piece of software used for updating the firmware. What it boils down to is that this insecure driver accepts system calls from any user or application on the PC, without performing any checks to verify whether the caller has the correct privileges. Drivers operate with the highest level of privileges within the Windows operating system, so the lack of authorization gives attackers an easy way to piggyback:
These system calls – specifically, IOCTL calls – can instruct the kernel-level driver to move the contents of memory from one address to another, allowing an attacker to read and write arbitrary kernel RAM. At that point, it's game over: the machine can be commandeered at the operating-system level, a rootkit installed, and so on.

Dell has released an updated driver; the new version will be pushed out from May 10.
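As an added example (not from The Register's article or from Dell), here is a PowerShell inventory check an administrator can run to find whether the vulnerable driver is registered or left on disk before applying Dell's update. It assumes the driver file is named dbutil_2_3.sys, that it registers as a kernel service named DBUtil_2_3, and that leftover copies sit in the Windows and per-user Temp directories; adjust those if your environment differs.

```powershell
# Added example, not Dell's or The Register's code. Inventory a Windows host
# for the vulnerable Dell dbutil_2_3.sys driver so it can be removed/updated.
# Assumptions: file name dbutil_2_3.sys; service name DBUtil_2_3; leftover
# copies in %SystemRoot%\Temp and each user's AppData\Local\Temp.

$driverFile  = 'dbutil_2_3.sys'
$serviceName = 'DBUtil_2_3'

# 1. Is the driver registered as a kernel service, and is it running?
#    An attacker only needs the device to be reachable, so a loaded driver
#    matters more than a stray file on disk.
$svc = Get-CimInstance -ClassName Win32_SystemDriver |
       Where-Object { $_.Name -eq $serviceName -or $_.PathName -like "*$driverFile" }
if ($svc) {
    foreach ($s in $svc) {
        Write-Output ("LOADED  name={0} state={1} path={2}" -f $s.Name, $s.State, $s.PathName)
    }
} else {
    Write-Output "No driver service named '$serviceName' is registered."
}

# 2. Are copies of the file left on disk where the updater drops it?
#    Report path, size, file version and SHA-256 so the values can be compared
#    against Dell's advisory (the hash itself is intentionally not hardcoded).
$roots = @("$env:SystemRoot\Temp")
$roots += Get-ChildItem -Path 'C:\Users' -Directory -ErrorAction SilentlyContinue |
          ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' }

foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root -Filter $driverFile -Recurse -File -ErrorAction SilentlyContinue |
      ForEach-Object {
          $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
          Write-Output ("FOUND   path={0} size={1} version={2} sha256={3}" -f
              $_.FullName, $_.Length, $_.VersionInfo.FileVersion, $hash)
      }
}
```

Run it elevated so that per-user Temp directories are readable; a host that reports neither LOADED nor FOUND lines still needs the May 10 update applied if Dell's updater is installed.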