Millions of Dell PCs could be at risk from driver security flaw dating from 2009

Dell has released a patch addressing multiple vulnerabilities in its DBUtil BIOS driver after a security researcher found that the driver in question could be abused by an attacker to gain increased system privileges.

The vulnerable driver was first discovered by security researcher Kasif Dekel from SentinelLabs, with the team informing Dell of the issue in December 2020.

According to SentinelLabs, the driver has been vulnerable since 2009, though there is no evidence at this time that its flaws have been exploited in the wild.

The DBUtil BIOS driver comes pre-installed on many Dell laptops and desktops running Windows and is responsible for Dell Firmware Updates via the Dell BIOS Utility. It is estimated that hundreds of millions of devices from the company received the vulnerable driver through BIOS updates.

Five separate flaws

After examining the DBUtil driver more closely, Dekel discovered a collection of five flaws, currently tracked as CVE-2021-21551 by Dell, that can be exploited to “escalate privileges from a non-administrator user to kernel mode privileges”.

Of the five separate flaws found in Dell's driver, two are memory corruption issues, two are security failures caused by a lack of input validation and one is a logic issue that could potentially be exploited to trigger denial-of-service. In addition to discovering these flaws, Dekel has also created Proof-of-Concept (PoC) code which he plans to release on June 1 in order to give Dell users time to apply the company's patch.

In a new blog post, Dekel explained SentinelLabs' decision to release its research publicly, saying:

“While we haven’t seen any indicators that these vulnerabilities have been exploited in the wild up till now, with hundreds of millions of enterprises and users currently vulnerable, it is inevitable that attackers will seek out those that do not take the appropriate action. Our reason for publishing this research is to not only help our customers but also the community to understand the risk and to take action.”

Dell users should check out the company's new advisory and FAQ document which contain remediation steps for these flaws. As Dekel mentioned, users should install Dell's updated DBUtil driver as soon as possible to prevent falling victim to any potential attacks trying to exploit these security flaws.

Via ZDNet

Anthony Spadafora
