AL2021_15 Vulnerability found affecting Dell driver (4th May, 2021)

Description

On the 4th May, 2021, a security researcher at SentinelOne (a cybersecurity company) discovered the five bugs vulnerability in DBUtil driver version 2.3 which may lead to escalation of privileges, denial of service, or information disclosure.

Summary

Five (5) flaws have collectively been tracked as CVE-2021-21551, found in the DBUtil driver on the Dell machines. This driver file may have been installed on your Dell Windows operating system when you used firmware update utility packages, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags, including when using any Dell notification solution to update drivers, BIOS, or firmware for your system and unpacked during it’s next reboot.

How it works

The five (5) bug flaw which allows escalation of privileges from a non-administrative user, to kernel mode privileges, provides an attacker with high level permissions that can see unrestricted access to all hardware available on the system, including referencing memory addresses. The vulnerability severity is not listed as critical, since exploitation by the attacker requires compromising the computer in advance. However, it should be noted that threat actors and malware can gain persistence on infected systems.

Solution

  • Immediately remove the vulnerable DBUtil 2.3 driver from affected systems
  • Obtain and run the latest firmware update utility package 

For more information on this alert kindly follow this URL:

https://www.dell.com/support/kbdoc/en-gy/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability

The Guyana National CIRT recommends that users and administrators review this alert and apply the solutions where necessary.

PDF Download: Vulnerability found affecting Dell driver.pdf

References

  • Vulnerable Dell driver puts hundreds of millions of systems at risk (4th May, 2021). Retrieved from Bleepingcomputer

https://www.bleepingcomputer.com/news/security/vulnerable-dell-driver-puts-hundreds-of-millions-of-systems-at-risk/

  • Dell patches vulnerable driver in a decade of IT products, computers and laptops (4th May, 2021). Retrieved from SCmagazine.

https://www.scmagazine.com/home/security-news/vulnerabilities/dell-patches-vulnerable-driver-in-a-decade-of-systems-and-laptops/