Dell has released a patch addressing multiple vulnerabilities in its DBUtil BIOS driver after a security researcher found that the driver in question could be abused by an attacker to gain increased system privileges.
The vulnerable driver was first discovered by security researcher Kasif Dekel from SentinelLabs, with the team informing Dell of the issue in December 2020.
According to SentinelLabs, the driver has been vulnerable since 2009, though there is no evidence at this time that its flaws have been exploited in the wild.
The DBUtil BIOS driver comes pre-installed on many Dell laptops and desktops running Windows and is responsible for Dell Firmware Updates via the Dell BIOS Utility. It is estimated that hundreds of millions of devices from the company received the vulnerable driver through BIOS updates.
Five separate flaws
After examining the DBUtil driver more closely, Dekel discovered a collection of five flaws, currently tracked as CVE-2021-21551 by Dell, that can be exploited to “escalate privileges from a non-administrator users to kernel mode privileges”.
Of the five separate flaws found in Dell's driver, two are memory corruption issues, two are security failures caused by a lack of input validation and one is a logic issue that could potentially be exploited to trigger denial-of-service. In addition to discovering these flaws, Dekel has also created Proof-of-Concept (PoC) code which he plans to release on June 1 in order to give Dell users time to apply the company's patch.
In a new blog post, Dekel explained SentinelLabs' decision to release its research publicly, saying:
“While we haven’t seen any indicators that these vulnerabilities have been exploited in the wild up till now, with hundreds of million of enterprises and users currently vulnerable, it is inevitable that attackers will seek out those that do not take the appropriate action. Our reason for publishing this research is to not only help our customers but also the community to understand the risk and to take action.”
Dell users should check out the company's new advisory and FAQ document, which contain remediation steps for these flaws. As Dekel mentioned, users should install Dell's updated DBUtil driver as soon as possible to avoid falling victim to any potential attacks trying to exploit these security flaws.
Via ZDNet