Dell issues critical security update to patch serious driver flaws on hundreds of millions of systems
Dell has patched a recently discovered series of security flaws in a driver installed on hundreds of millions of computers. Tracked as CVE-2021-21551, no fewer than five high-severity vulnerabilities were found in Dell's dbutil_2_3.sys firmware update driver, which has shipped since 2009.
The flawed DBUtil driver is installed on consumer and enterprise desktops, laptops and tablets around the world. If exploited, the vulnerabilities could be used to "escalate privileges from a non-administrator user to kernel mode privileges". The problem only affected Windows systems, not those running Linux.
Although Dell has assigned only one CVE, a total of five flaws were discovered by security researcher Kasif Dekel of SentinelLabs: two memory corruption flaws and two "lack of input validation" vulnerabilities, all four leading to potential privilege escalation, and one denial-of-service vulnerability stemming from a code logic issue.
In a post on the SentinelLabs website, Dekel goes into some detail about his findings but -- understandably -- stops short of providing a full guide. He says that:
To enable Dell customers the opportunity to remediate this vulnerability, we are withholding sharing our Proof of Concept until June 1, 2021. That proof of concept will demonstrate the first local EOP which arises out of a memory corruption issue.
While details of the proof of concept are not yet being made public, a video showing it in action has been published:
Dell was made aware of the problem on December 1 last year, and the company has worked with Microsoft to produce an updated driver for Windows machines. The good news is that, despite having been a problem for over a decade, there is currently no evidence that these vulnerabilities are being exploited in the wild.
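Because the fix is an updated driver, the practical question for an administrator is which hosts still carry the old dbutil_2_3.sys file and whether a driver service is registered for it. The following PowerShell inventory script is an added example written for this article; it is not Dell's or SentinelLabs' code. The driver file name comes from the article; the candidate directories, the hypothetical use of a temp folder as the drop location, and the decision to check Win32_SystemDriver entries are assumptions made here, so adjust them to your environment.

```powershell
# Added example (not from the article, Dell or SentinelLabs): inventory a
# Windows host for the dbutil_2_3.sys driver named in the article.
# Assumption: the driver may sit as a loose file in a temp directory and may
# be registered as a kernel driver service. The search roots below are
# assumed locations, not taken from the article; widen them for a full sweep.

$DriverName = 'dbutil_2_3.sys'

# Assumed candidate directories (system temp, driver store, per-user temp).
$SearchRoots = @(
    "$env:SystemRoot\Temp",
    "$env:SystemRoot\System32\drivers"
) + (Get-ChildItem 'C:\Users' -Directory -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' })

# Collect every on-disk copy with a hash and signature status so the result
# can be compared against the vendor advisory before the finding is closed.
$findings = foreach ($root in $SearchRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root -Filter $DriverName -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                SizeBytes = $_.Length
                SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                Signer    = $sig.SignerCertificate.Subject
                SigStatus = $sig.Status
                LastWrite = $_.LastWriteTimeUtc
            }
        }
}

# Is a kernel driver service registered for (and possibly running from) the file?
$services = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -match [regex]::Escape($DriverName) } |
    Select-Object Name, State, StartMode, PathName

if ($findings) {
    Write-Output "$DriverName file(s) found on $($env:COMPUTERNAME):"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No $DriverName file found in the searched locations on $($env:COMPUTERNAME)."
}

if ($services) {
    Write-Output "Driver service(s) referencing $DriverName (State shows whether it is loaded):"
    $services | Format-Table -AutoSize
}
```

Run it elevated so per-user temp folders and the driver store are readable. A hit on the file name alone tells you the old driver is still on disk, not which exact build it is; the SHA256 column is there so the value can be checked against the vendor's advisory, which this article does not reproduce, before the host is marked remediated. A Win32_SystemDriver entry in the Running state is the stronger signal, since it means the driver is currently loaded in the kernel.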
Concluding the post about the findings, Dekel says:
These high severity vulnerabilities, which have been present in Dell devices since 2009, affect hundreds of millions of devices and millions of users worldwide. Similar to a previous vulnerability I disclosed that hid for 12 years, the impact this could have on users and enterprises that fail to patch is far reaching and significant.
While we haven’t seen any indicators that these vulnerabilities have been exploited in the wild up until now, with hundreds of millions of enterprises and users currently vulnerable, it is inevitable that attackers will seek out those that do not take the appropriate action. Our reason for publishing this research is to not only help our customers but also the community to understand the risk and to take action.