Windows driver with vulnerabilities (CVE-2021-21551) puts millions of Dell systems at risk

Several vulnerabilities have been discovered in a driver that has been installed on millions of Dell consumer and enterprise Windows systems over the past 12 years. These vulnerabilities allow an attacker to perform privilege escalation. In other words, the vulnerability (CVE-2021-21551) in Dell's so-called DBUtil Windows driver now puts the affected PCs, All-in-One and 2-in-1 systems at security risk.



Dell issued a security alert DSA-2021-088: Dell Client Platform Security Update for an Insufficient Access Control Vulnerability in the Dell dbutil Driver and this FAQ a few hours ago. Dell says:

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

The vulnerability (CVE-2021-21551) exists in the dbutil_2_3.sys driver and has been assigned a severity rating of 8 (out of 10). The driver file may have been installed on virtually any Dell system running the Windows operating system once the firmware update utility packages, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent or Dell Platform Tags were used. This includes using a Dell notification solution to update drivers, BIOS or firmware for the system. The vulnerable driver (dbutil_2_3.sys) was delivered to affected systems in two ways:

  • via affected firmware update utility packages and
  • via Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent or Dell Platform Tags.

This applies even if users use any other notification solution from Dell to update drivers, BIOS or firmware on their system.

The vulnerabilities (CVE-2021-21551)

Kasif Dekel, a security researcher at cyber security firm SentinelOne, discovered the following vulnerabilities, all listed as CVE-2021-21551, and described them in a blog post, but did not reveal all the details.

  • CVE-2021-21551: Local Elevation Of Privileges #1 – Memory corruption
  • CVE-2021-21551: Local Elevation Of Privileges #2 – Memory corruption
  • CVE-2021-21551: Local Elevation Of Privileges #3 – Lack of input validation
  • CVE-2021-21551: Local Elevation Of Privileges #4 – Lack of input validation
  • CVE-2021-21551: Denial Of Service – Code logic issue

The exploitability of the vulnerabilities is not considered critical because an attacker who exploits them must have compromised the computer beforehand. However, the vulnerabilities allow threat actors and malware to stay on the infected system.



A fix is available

Dell has fixed the dbutil driver vulnerabilities in a new release and has released firmware update utilities for supported platforms on Windows 10, as well as Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent and Dell Platform Tags. For best protection, Dell recommends removing the dbutil_2_3.sys driver from systems. If the Dell System Inventory Agent is used, it is important to first download the latest available version (2.6.0.0 or higher) before uninstalling the driver. Then follow one of the three options listed below:

  • install a package with a fix that includes the BIOS, Thunderbolt firmware, TPM firmware, or Dock firmware;
  • or update Dell Command Update, Dell Update, or Alienware Update, respectively;
  • or install the latest version of Dell System Inventory Agent or Dell Platform Tags.

Then the updated Dell dbutil driver will also be installed on the affected system. For more information, including how to remove the faulty driver, see the Dell security alert DSA-2021-088. (via Bleeping Computer)
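
To confirm whether a machine still carries the driver before and after remediation, the following PowerShell audit can be used. It is an added example, not code from Dell or SentinelOne. The file name dbutil_2_3.sys is taken from the article; the default search root is an assumption, because the article does not say where the driver is stored (DSA-2021-088 gives the locations).

```powershell
# Added example: audit a Windows host for the vulnerable Dell driver file.
[CmdletBinding()]
param(
    # Assumption: the article gives no storage location, so the whole system
    # drive is searched by default. Narrow this to the paths in DSA-2021-088.
    [string[]]$SearchRoot = @("$env:SystemDrive\"),
    # File name as given in the article.
    [string]$DriverName = 'dbutil_2_3.sys'
)

function Find-DriverFile {
    param([string[]]$Root, [string]$Name)
    # -Force includes hidden/system files; unreadable folders are skipped.
    Get-ChildItem -Path $Root -Filter $Name -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
            $hash = Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path      = $_.FullName
                SHA256    = $hash.Hash
                LastWrite = $_.LastWriteTimeUtc
                Signer    = $sig.SignerCertificate.Subject
                SigStatus = $sig.Status
            }
        }
}

function Find-DriverService {
    param([string]$Name)
    # A kernel driver service whose image path ends in the file name means the
    # driver is registered with the system, not merely left on disk.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like "*$Name" } |
        Select-Object Name, State, StartMode, PathName
}

$files    = @(Find-DriverFile -Root $SearchRoot -Name $DriverName)
$services = @(Find-DriverService -Name $DriverName)

[pscustomobject]@{
    ComputerName = $env:COMPUTERNAME
    Files        = $files
    Services     = $services
    Affected     = ($files.Count -gt 0 -or $services.Count -gt 0)
} | ConvertTo-Json -Depth 4

# A non-zero exit code lets fleet tooling flag hosts that still need cleanup.
if ($files.Count -gt 0 -or $services.Count -gt 0) { exit 1 } else { exit 0 }
```

Run it from an elevated prompt so that other users' profile directories are readable; a host that reports `Affected: false` after one of the three update options has been applied no longer holds the old file in the searched locations.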

