"I have no idea what to do with it, but someone else might," slipstream wrote in the exploit comments.
The flaw in DSD apparently stems from the way Dell attempted to fix a previous vulnerability. According to slipstream, the company implemented RSA-1024 signatures to authenticate commands, but put them in a place on its website where attackers can obtain them.
These can be used as a crude bypass method for Windows' User Account Control (UAC). In this context, the bypass means that "if DSD isn't elevated, we annoy the user with elevation requests until they click yes," the hacker said.
Toshiba and Dell did not immediately respond to a request for comment.
Sign up for CIO Asia eNewsletters.