Vulnerable Dell driver puts hundreds of millions of systems at risk
Vulnerable Dell driver puts hundreds of millions of systems at risk

By Ionut Ilascu

A driver that’s been pushed for the past 12 years to Dell computer devices for consumers and enterprises contains multiple vulnerabilities that could lead to increased privileges on the system.

It is estimated that hundreds of millions of Dell computers, from desktops and laptops to tablets, received the vulnerable driver through BIOS updates.

Five flaws in one

A collection of five flaws, collectively tracked as CVE-2021-21551, have been discovered in DBUtil, a driver from that Dell machines install and load during the BIOS update process and is unloaded at the next reboot.

Looking closer at the DBUtil driver, Kasif Dekel, a security researcher at cybersecurity company SentinelOne, found that it can be exploited “to escalate privileges from a non-administrator user to kernel mode privileges.”

Code from an attacker running with this level of permissions would have unrestricted access to all hardware available on the system, including referencing any memory address.

This type of vulnerability is not considered critical because an attacker exploiting it needs to have compromised the computer beforehand. However, it allows threat actors and malware to gain persistence on the infected system.

Although there is a single tracking number, Dekel says that there are five separate flaws, most of them leading to privilege escalation and one code logic issue that leads to denial of service.

CVE-2021-21551Local Elevation Of Privileges Memory corruption
CVE-2021-21551Local Elevation Of PrivilegesMemory corruption
CVE-2021-21551Local Elevation Of PrivilegesLack of input validation
CVE-2021-21551Local Elevation Of PrivilegesLack of input validation
CVE-2021-21551Denial of ServiceCode logic issue

The researcher provides technical information in a blog post today but holds back the details for triggering and exploiting the flaws to give users time to apply the patch. He plans to share proof-of-concept exploit code on June 1st.

Dekel says that Dell has prepared a security advisory for this vulnerability. The remedy is a fixed driver but the researcher says that at the moment of writing the report the company had not revoked the certificate for the vulnerable driver, meaning that an adversary on the network can still use it in an attack.

“An attacker with access to an organization’s network may also gain access to execute code on unpatched Dell systems and use this vulnerability to gain local elevation of privilege. Attackers can then leverage other techniques to pivot to the broader network, like lateral movement” – SentinelOne

Despite the longevity of the vulnerable DBUtil driver and the large number of potential victims, SentinelOne says that they have not seen any indicators about these vulnerabilities being exploited in the wild. However, this may soon change.

The company has published a video to show that a vulnerable DBUtil driver can be exploited to achieve local privilege escalation on a target system.

Affiliate News Feeds

  • Hardware
  • Internet of Things
  • Networking
  • Industry News
  • Software

A new single board computer range offers developers flexibility and the option of custom hardware. The post OKdo partners with Radxa to deliver new ROCK SBCs appeared first on TechRepublic. [...]

Cybersecurity threats and attacks are on an upswing with no end in sight. It’s clear that organizations must do more to protect their data and employees. AMD and Microsoft have… [...]

The need to protect your Mac's data should prove no surprise, but there are many options beyond using iCloud and Time Machine. Here are several leading options, should you need… [...]

A new single board computer range offers developers flexibility and the option of custom hardware. The post OKdo partners with Radxa to deliver new ROCK SBCs appeared first on TechRepublic. [...]

Blockchain and edge computing can be a formidable combination in terms of power, scalability and versatility. The post How blockchain and edge computing can work together appeared first on TechRepublic. [...]

IoT use cases continue to grow as this report projects that the IoT-enabled asset tracking and monitoring market will witness exponential growth in the coming years. The post IoT-based asset… [...]

Jack Wallen shows you how to quickly get Samba shares up and running on any Linux distribution based on Red Hat Enterprise Linux. The post How to install and configure… [...]

Google Fiber hopes to expand its reach to deliver one of the fastest fiber networks to multiple U.S. communities. The post Google Fiber plots speedy multi-gig future appeared first on… [...]

Learn the basics of automation in Windows PowerShell for just $19.99 with this certification bundle. The post Automate Windows administration with PowerShell: Learn how in this training course appeared first… [...]

Cybersecurity threats and attacks are on an upswing with no end in sight. It’s clear that organizations must do more to protect their data and employees. AMD and Microsoft have… [...]

Professional risk factors into career decisions, and successful women need to encourage other women to accept the risks, says Accenture. The post Report finds women are declining CISO/CSO roles appeared… [...]

CompTIA finds tech investments will support innovation and recruitment, while Verizon Business reveals 31% of SMBs will cut tech investments. The post Two SMB reports reveal differing views on tech… [...]

Data observability tools allow you to monitor what is happening to your data. Here is a list of the top data observability tools of 2022. The post Best observability tools… [...]

Once you decide the default Auto Date table isn’t adequate, you can create one that fulfills your grouping and filtering requirements in Microsoft Power BI. The post How to create… [...]

Talend is one of the most popular tools for data quality. Get details on using Talend's tools for data profiling, cleaning, standardization, matching and deduplication. The post Data quality solutions… [...]