Millions Of Dell PCs At Risk From High-Impact DDPM Exploit, Patch ASAP

11/14 Update: Dell has contacted us to clarify that the exploit in question can only occur during the installation of DDPM versions prior to 2.1.2.12 made via the DDPM Application UI. Dell states that "If customers have installed DDPM version prior to 2.1.2.12, they do need to update or patch to address this vulnerability, as the affected issue happens only when first installing the software and launching it from the installer user interface." Dell further states that "If customers have not installed the software, they should use the latest version (of) Dell Display and Peripheral Manager 2.1.2.12, which is unaffected. We are unaware of any exploitations of this vulnerability." The original article remains unchanged for posterity below.

Dell has just released a notice to users of its Dell Display and Peripheral Manager (DDPM) software, prompting them to update the software ASAP. Users of the software, which is preinstalled on most Dell business systems but available to all Windows users of Dell peripherals, are advised to update to at least version 2.1.2.12 to get a new patch that fixes an unnecessary privilege escalation vulnerability within the installer. This vulnerability could allow attackers to gain full System or Administrator privileges on a targeted system, which could be particularly disastrous for enterprise users reliant on Dell PCs.

While the warning is primarily directed toward users of Dell PCs, the nature of Dell's DDPM software could extend the scope of the attack to all owners of Dell hardware and peripherals who have the software installed. Dell itself estimates that "millions of PCs" are impacted by this vulnerability (documented as CVE-2025-46430) and advises all impacted users to download the latest DDPM update immediately.
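For administrators tracking the "update to at least 2.1.2.12" guidance across a fleet, the following is an added example (not code from Dell or from the original article) that flags hosts in a software-inventory export still running an older DDPM build. The CSV column names, hostnames, and sample version strings are constructed assumptions; only the product name and the fixed version 2.1.2.12 come from the article.

```python
import csv
import io

FIXED = (2, 1, 2, 12)  # first unaffected DDPM version, per the article
PRODUCT = "dell display and peripheral manager"

# Constructed inventory export: hostnames, columns and versions are assumptions.
SAMPLE_INVENTORY = """hostname,name,version
ws-001,Dell Display and Peripheral Manager,2.1.2.12
ws-002,Dell Display and Peripheral Manager,2.1.2.9
ws-003,Dell Display and Peripheral Manager,2.0.1.15
ws-004,Dell Display and Peripheral Manager,2.2.0.3
ws-005,Dell Display and Peripheral Manager,unknown
ws-006,Some Other Utility,1.0.0.0
"""


def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def audit(inventory_csv):
    """Map hostname -> 'patched' | 'needs-update' | 'unparseable' for DDPM rows only."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if PRODUCT not in row["name"].lower():
            continue
        version = parse_version(row["version"])
        if version is None:
            # Do not assume an unreadable version is safe; review it by hand.
            results[row["hostname"]] = "unparseable"
            continue
        # Pad short versions so "2.1.2" compares as 2.1.2.0. Tuples compare
        # numerically, so 2.1.2.9 < 2.1.2.12 (a string comparison gets this wrong).
        padded = version + (0,) * (len(FIXED) - len(version))
        results[row["hostname"]] = "patched" if padded >= FIXED else "needs-update"
    return results


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```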


Sadly, this is not the only major security flaw found with Dell PC hardware this year. Back in August, a critical flaw was found within Dell firmware that allowed attackers to access and manipulate RAM on Dell PCs, leading Dell to prompt all impacted users to update their firmware immediately. While this DDPM issue thankfully isn't firmware-level like that one was, it's still not a great look for an enterprise-centered PC OEM like Dell to keep having vulnerabilities like this. Hopefully, users will be up-to-date before any major exploits of these vulnerabilities come to light.

On the brighter side, Dell's hardware division has been putting in pretty good work in the PC space lately, with competitively priced and high-performance devices becoming standard fare from Dell in the past few years. As PC enthusiasts largely based in the United States, we hope to see one of the States' most well-known PC OEMs excel, but the company's software and cybersecurity teams will need to continue staying on top of issues like these lest the next story like this wind up being about a successful exploit rather than an already-closed vulnerability.

Chris Harper

Christopher Harper is a tech writer with over a decade of experience writing how-tos and news. Off work, he stays sharp with gym time & stylish action games.