Severe vulnerabilities in Dell firmware update driver found and fixed

Enlarge / At least 3 providers have described the dbutil_2_3.sys stability problems to Dell around the earlier two a long time.

Yesterday, infosec investigation agency SentinelLabs revealed 12-calendar year-outdated flaws in Dell’s firmware updater, DBUtil 2.3. The susceptible firmware updater has been put in by default on hundreds of millions of Dell devices because 2009.

The 5 significant-severity flaws SentinelLabs uncovered and documented to Dell lurk in the dbutil_2_3.sys module, and they have been rounded up under a single CVE tracking number, CVE-2021-21551. There are two memory-corruption problems and two absence of enter validation difficulties, all of which can guide to neighborhood privilege escalation and a code logic concern which could lead to a denial of services.

A hypothetical attacker abusing these vulnerabilities can escalate the privileges of another approach or bypass safety controls to publish directly to process storage. This offers a number of routes to the ultimate target of regional kernel-stage access—a phase even better than Administrator or “root” access—to the total technique.

This is not a remote code execution vulnerability—an attacker sitting down across the world or even across the espresso shop can’t use it immediately to compromise your system. The major threat is that an attacker who will get an unprivileged shell by way of some other vulnerability can use a area privilege escalation exploit like this 1 to bypass safety controls.

Considering the fact that SentinelLabs notified Dell in December 2020, the organization has delivered documentation of the flaws and mitigation guidelines which, for now, boil down to “get rid of the utility.” A replacement driver is also readily available, and it ought to be quickly installed at the subsequent firmware update test on affected Dell methods.

SentinelLabs’ Kasif Dekel was at minimum the fourth researcher to discover and report this issue, next CrowdStrike’s Satoshi Tanda and Yarden Shafir and IOActive’s Enrique Nissim. It truly is not distinct why Dell required two many years and 3 different infosec companies’ stories to patch the issue—but to paraphrase CrowdStrike’s Alex Ionescu earlier mentioned, what matters most is that Dell’s end users will eventually be secured.

Leave a Reply