Security firm SentinelOne has found flaws in Dell’s firmware update driver dating back to 2009. Attackers may exploit these vulnerabilities to locally escalate to kernel-mode privilege on Dell PCs, laptops, and servers. The full list of affected devices is available on the Dell website.
In his report, Kasif Dekel, Senior Security Researcher at SentinelOne, said that the flaw is a combination of five vulnerabilities, collectively called CVE-2021-21551, that exist in the dbutil_2_3.sys driver.
Four of the flaws lead to privilege escalation, and the fifth leads to a denial of service.
When we reached out to Dell for comment, the company responded:
"We remediated a vulnerability (CVE-2021-21551) in a driver (dbutil_2_3.sys) affecting certain Windows-based Dell computers. We have seen no evidence this vulnerability has been exploited by malicious actors to date. We encourage customers to review the Dell Security Advisory (DSA-2021-088) and follow the remediation steps as soon as possible. We’ve also posted an FAQ for additional information."
Both Dell and SentinelOne say that they’ve seen no evidence of the flaw being exploited in the wild.
Dell’s FAQ also states that a malicious actor would first need to be granted access to a user’s PC, for example through phishing, malware, or remote access. However, any concerned user can still follow Dell’s instructions to patch their PCs.
This article was first published in Hardware Zone.