Severe vulnerabilities in Dell firmware update driver found and fixed

Enlarge / At the very least three corporations have reported the dbutil_2_3.sys safety issues to Dell over the previous two years.

Yesterday, infosec analysis agency SentinelLabs revealed 12-year-old flaws in Dell’s firmware updater, DBUtil 2.3. The susceptible firmware updater has been put in by default on tons of of hundreds of thousands of Dell methods since 2009.

The 5 high-severity flaws SentinelLabs found and reported to Dell lurk within the dbutil_2_3.sys module, they usually have been rounded up underneath a single CVE monitoring quantity, CVE-2021-21551. There are two memory-corruption points and two lack of enter validation points, all of which might result in native privilege escalation and a code logic situation which might result in a denial of service.

A hypothetical attacker abusing these vulnerabilities can escalate the privileges of one other course of or bypass safety controls to put in writing on to system storage. This gives a number of routes to the last word objective of native kernel-level entry—a step even increased than Administrator or “root” entry—to the complete system.

This isn’t a distant code execution vulnerability—an attacker sitting the world over and even throughout the espresso store can’t use it on to compromise your system. The foremost danger is that an attacker who will get an unprivileged shell by way of another vulnerability can use a neighborhood privilege escalation exploit like this one to bypass safety controls.

Since SentinelLabs notified Dell in December 2020, the corporate has provided documentation of the failings and mitigation directions which, for now, boil right down to “take away the utility.” A replacement driver can be obtainable, and it ought to be mechanically put in on the subsequent firmware replace verify on affected Dell methods.

SentinelLabs’ Kasif Dekel was a minimum of the fourth researcher to find and report this situation, following CrowdStrike’s Satoshi Tanda and Yarden Shafir and IOActive’s Enrique Nissim. It is not clear why Dell wanted two years and three separate infosec corporations’ studies to patch the problem—however to paraphrase CrowdStrike’s Alex Ionescu above, what issues most is that Dell’s customers will lastly be protected.

Source link

We will be happy to hear your thoughts

Leave a reply
Enable registration in settings - general
Compare items
  • Total (0)