Dell has launched a security patch for a vulnerability located in a driver file that impacts hundreds of desktop and laptop designs heading back to 2009.
The vulnerability, marked as CVE-2021-21551, has an 8.8 rating on the 10 place CVSS menace scoring method and refers to Dell driver dbutil_2_3.sys, which is made up of an inadequate accessibility handle vulnerability which could direct to escalation of privileges, denial of services, or information and facts disclosure.
It was initially uncovered by researchers from Sentinel Labs who uncovered that attackers could exploit these vulnerabilities to regionally escalate to kernel-method privileges. Considering that 2009, Dell has produced hundreds of millions of Windows devices globally which consist of the susceptible driver.
The results, which were being proactively reported to Dell on 1 December 2020, in essence found that the vulnerabilities would allow attackers to bypass security products and solutions, although the scientists haven’t seen any proof of this weakness getting exploited.
The Dell XPS 13 and 15 vary of laptops, the Vostro 7590, and the Precision 5820 XL Tower are all explained to be vulnerable to the flaw, as properly as each product belonging to the Latitude, Inspirion, and Precision ranges. A comprehensive list containing around 380 styles has been revealed by Dell on its site.
The dbutil_2_3.sys driver may perhaps have also been put in on Dell programs as section of later firmware update utility packages, Dell Command Update, Dell Update, Alienware Update, Dell Method Stock Agent, or Dell Platform Tags, the business has warned.
Dell recommends removing the driver from the procedure by putting in a remediated package deal made up of BIOS, Thunderbolt, TPM or dock firmware updating Dell Command Update, Dell Update or Alienware Update or installing the most current variation of Dell System Stock Agent or Dell Platform Tags.
Last month, Microsoft preset the vulnerability CVE-2021-28310 which was probably getting made use of in a chain together with other exploits in Windows 10 to seize handle of victims’ equipment. To use it, hackers would will need to currently have obtain to a technique, or trick people into working the code on their behalf.
Some sections of this report are sourced from: