07.05.2021 Critical Security Issues in Dell Driver Software

by Elena Lapina

Researchers discovered five vulnerabilities in DBUtil BIOS, a component of the firmware update packages used on Dell devices running Windows.


Details

  • The component, the dbutil_2_3.sys module, is installed and loaded on demand when the firmware update process is initiated, and is unloaded after a system reboot.
  • The flaws, collectively tracked as CVE-2021-21551 and assigned a score of 8.8, are caused by insufficient access control, which could enable a threat actor to escalate privileges to kernel mode or trigger denial of service or information disclosure.
  • Dell issued an advisory with technical details and remediation steps to patch the flaws.

Recommendations

  • We recommend removing and/or remediating the vulnerable driver before June 1, when a proof-of-concept for these vulnerabilities is scheduled for release.
  • Follow the remediation steps in Dell’s advisory to patch the flaws and run a remediated firmware update utility package.
  • Since Dell’s driver accepts system calls from non-privileged users, malicious actors could exploit unpatched devices as part of an attack chain to gain persistence.
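
To support the removal recommendation above, the following added example (not taken from Dell's advisory or from the researchers) checks a Windows host for the dbutil_2_3.sys file and for a kernel driver service that points to it. The default search roots and the parameter names are assumptions; pass the locations listed in Dell's advisory with -SearchRoot.

```powershell
# Added example: inventory check for the driver file named in this advisory.
# The default search roots are assumptions, not values from Dell's advisory.
param(
    [string[]]$SearchRoot = @($env:TEMP, (Join-Path $env:SystemRoot 'Temp')),
    [string]$DriverFile   = 'dbutil_2_3.sys'
)

# 1. Copies of the file on disk under the search roots, hashed for triage.
$onDisk = foreach ($root in $SearchRoot) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Filter $DriverFile -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Finding   = 'FileOnDisk'
                Path      = $_.FullName
                LastWrite = $_.LastWriteTimeUtc
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                State     = $null
            }
        }
}

# 2. Kernel driver services whose image path ends in the driver file name.
#    State 'Running' means the module is currently loaded.
$registered = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and $_.PathName -like "*$DriverFile" } |
    ForEach-Object {
        [pscustomobject]@{
            Finding   = 'DriverService'
            Path      = $_.PathName
            LastWrite = $null
            SHA256    = $null
            State     = $_.State
        }
    }

# Emit objects so the result can be exported or collected by a fleet tool.
$findings = @(@($onDisk) + @($registered) | Where-Object { $_ })
if ($findings.Count -eq 0) {
    Write-Output "No $DriverFile found in the searched locations or loaded driver list."
} else {
    $findings
}
```

Run it from an elevated prompt so other users' directories and the system temp folder are readable; a host that reports a finding still needs the remediation steps from Dell's advisory.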

References: Dell

 
