These multiple high-severity vulnerabilities in Dell software could allow attackers to escalate privileges from a non-administrator user to kernel-mode privileges. This led to the discovery of five high-severity bugs that have remained undisclosed for 12 years.

The driver came to my attention thanks to Process Hacker, which has a great feature that pops up a notification message every time a service gets created or deleted.

Hundreds of millions of Dell devices have updates pushed on a regular basis, for both consumer and enterprise systems. Today, the firmware update driver component, which is responsible for Dell Firmware Updates via the Dell BIOS Utility, comes pre-installed on most Dell machines running Windows and freshly installed Windows machines that have been updated. Several months ago, I started investigating the security posture of the firmware update driver version 2.3 (dbutil_2_3.sys) module, which seems to have been in use since at least 2009.

At this time, SentinelOne has not discovered evidence of in-the-wild abuse. Dell has released a security update to its customers to address this vulnerability. SentinelLabs findings were proactively reported to Dell on and are tracked as CVE-2021-21551, marked with CVSS Score 8.8. Since 2009, Dell has released hundreds of millions of Windows devices worldwide which contain the vulnerable driver. Attackers may exploit these vulnerabilities to locally escalate to kernel-mode privileges.