Severe vulnerabilities in Dell firmware update driver found and fixed

At least three companies have reported the dbutil_2_3.sys security issues to Dell over the past two years.

Yesterday, infosec research firm SentinelLabs revealed 12-year-old flaws in Dell’s firmware updater, DBUtil 2.3. The vulnerable firmware updater has been installed by default on hundreds of millions of Dell systems since 2009.

The five high-severity flaws SentinelLabs discovered and reported to Dell lurk in the dbutil_2_3.sys module, and they have been rounded up under a single CVE tracking number, CVE-2021-21551. There are two memory-corruption issues and two lack-of-input-validation issues, all of which can lead to local privilege escalation, and a code logic issue that can lead to a denial of service.

A hypothetical attacker abusing these vulnerabilities can escalate the privileges of another process or bypass security controls to write directly to system storage. This offers multiple routes to the ultimate goal of local kernel-level access—a step even higher than Administrator or “root” access—to the entire system.

This isn’t a remote code execution vulnerability—an attacker sitting across the world or even across the coffee shop cannot use it directly to compromise your system. The major risk is that an attacker who gets an unprivileged shell via some other vulnerability can use a local privilege escalation exploit like this one to bypass security controls.

Since SentinelLabs notified Dell in December 2020, the company has provided documentation of the flaws and mitigation instructions which, for now, boil down to “remove the utility.” A replacement driver is also available, and it should be automatically installed on the next firmware update check on affected Dell systems.
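
To confirm whether a given machine still carries the driver before and after applying that mitigation, a defender can inventory it. The following is an added example, not code from Dell or SentinelLabs; the `$SearchRoots` default and the parameter names are assumptions, and only the file name `dbutil_2_3.sys` comes from the article.

```powershell
# Added example: inventory check for the vulnerable driver file named in the article.
# Assumption: $SearchRoots is a hypothetical parameter; set it to the paths you want scanned.
param(
    [string[]]$SearchRoots = @("$env:SystemDrive\"),
    [string]$DriverFile = 'dbutil_2_3.sys'
)

# 1. Copies of the driver on disk, with hash and signature status for triage.
$onDisk = foreach ($root in $SearchRoots) {
    Get-ChildItem -Path $root -Filter $DriverFile -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Path      = $_.FullName
                Modified  = $_.LastWriteTime
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            }
        }
}

# 2. Kernel driver services whose image path points at that file (registered or running).
$registered = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$DriverFile" } |
    Select-Object Name, State, StartMode, PathName

if (-not $onDisk -and -not $registered) {
    Write-Output "$DriverFile not found under $($SearchRoots -join ', ') and not registered as a driver."
} else {
    $onDisk     | Format-List
    $registered | Format-List
    Write-Output "Found $DriverFile; apply Dell's mitigation (remove the utility or install the replacement driver)."
}
```

Run it from an elevated prompt so that directories unreadable to a standard user are included in the scan.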

SentinelLabs’ Kasif Dekel was at least the fourth researcher to discover and report this issue, following CrowdStrike’s Satoshi Tanda and Yarden Shafir and IOActive’s Enrique Nissim. It isn’t clear why Dell needed two years and three separate infosec companies’ reports to patch the issue—but to paraphrase CrowdStrike’s Alex Ionescu above, what matters most is that Dell’s users will finally be protected.
