Published: 6th May 2021 | In: Threat Intelligence & Guidance
If the news that undiscovered vulnerabilities have been identified in Dell devices going back as far as 12 years has had you in a panic, Quorum Cyber has produced some Quick Info to get you up to speed with what you need to know and – more importantly – what you need to do to respond to this threat and protect your devices.
What is it?
On the 4th May 2021, Dell published a Security Advisory (DSA-2021-088) relating to a vulnerability in the dbutil_2_3.sys driver. This driver may have been installed as part of your Dell Windows operating system.
What is the impact?
This vulnerability could allow escalation of privileges, denial of service, or information disclosure. Exploiting it requires only a local authenticated user.
Are my systems vulnerable?
The following applications have been identified as potentially vulnerable:
- Dell Command Update
- Dell Update
- Alienware Update
- Dell System Inventory Agent
- Dell Platform Tags
Dell has now remediated the dbutil driver and has released firmware update utility packages for supported platforms.
How do I mitigate this threat?
Dell has produced a security advisory, DSA-2021-088, detailing the affected products and the applicable remediation steps. These should be applied immediately regardless of the downtime, as this poses an immediate, real threat.
In addition to the firmware update, it’s also advised to blacklist this driver in your security software once you have removed the affected driver. This will also assist in mitigating potential future infections where malware authors may pre-package this driver as part of the payload for further exploitation.
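To confirm whether the driver is present before remediation, and that it is gone afterwards, a host can be inventoried for the file and for any kernel driver service that still points at it. The script below is an added example, not code from Dell or from this article; the driver file name comes from the advisory text above, while the search root, parameter names and output fields are assumptions of this example.

```powershell
# Added example: inventory a Windows host for the dbutil_2_3.sys driver (DSA-2021-088).
# Assumption: the default search root (the whole system drive) is this example's choice,
# not a path list taken from the advisory. Run from an elevated prompt for full coverage.
param(
    [string[]]$SearchRoots = @("$env:SystemDrive\"),
    [string]$DriverName = 'dbutil_2_3.sys'
)

# 1. Locate every copy of the driver file on disk, including hidden and system files.
$files = foreach ($root in $SearchRoots) {
    Get-ChildItem -Path $root -Filter $DriverName -File -Recurse -Force -ErrorAction SilentlyContinue
}

# 2. Record hash and signer for each copy so the results can feed a block rule
#    in security software once the file has been removed.
$fileReport = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        Path            = $f.FullName
        SHA256          = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
        Signer          = $sig.SignerCertificate.Subject   # $null if the file is unsigned
        SignatureStatus = $sig.Status
        LastWriteTime   = $f.LastWriteTime
    }
}

# 3. Find kernel driver services whose image path still references the driver.
$services = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$DriverName*" } |
    Select-Object Name, State, StartMode, PathName

# 4. Summarise: a host is clean only when neither the file nor a service remains.
if (-not $fileReport -and -not $services) {
    Write-Output "$env:COMPUTERNAME: $DriverName not found on disk or as a driver service."
} else {
    Write-Output "$env:COMPUTERNAME: $DriverName present - apply the DSA-2021-088 remediation."
    $fileReport | Format-List
    $services   | Format-List
}
```

Running it again after applying Dell's remediation should produce the "not found" line; any remaining entry shows where a copy survived.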
Dell Security Advisory: DSA-2021-088
SentinelLabs: SentinelLabs Research Disclosure
National Vulnerability Database: CVE-2021-21551