SentinelLabs recently found five security flaws in Dell’s dbutil_2_3.sys firmware update driver, affecting millions of the company’s laptops, tablets, and notebooks.
The faulty firmware driver is responsible for updates through the Dell BIOS Utility and has come pre-installed on most Dell machines running Windows since 2009.
“This driver file may have been installed on your Dell Windows operating system when you used firmware update utility packages, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags, including when using any Dell notification solution to update drivers, BIOS, or firmware for your system,” Dell stated.
The vulnerability could allow attackers to escalate privileges from a non-administrator user to kernel-mode privileges.
This could also lead to denial of service or information disclosure.
Dell has allocated a single CVE (Common Vulnerabilities and Exposures) to the firmware driver flaws, which can be broken down into five different deficiencies:
- CVE-2021-21551: Local Elevation Of Privileges #1 – Memory corruption
- CVE-2021-21551: Local Elevation Of Privileges #2 – Memory corruption
- CVE-2021-21551: Local Elevation Of Privileges #3 – Lack of input validation
- CVE-2021-21551: Local Elevation Of Privileges #4 – Lack of input validation
- CVE-2021-21551: Denial Of Service – Code logic issue
According to Kasif Dekel at SentinelLabs, the immediate problem with the driver is that it accepts IOCTL (Input/Output Control) requests without any ACL (access control list) requirements.
This means that it can be invoked by a user who does not have administrative privileges, and it could be used to bypass security products.
Consequently, an attacker with access to an organisation’s network may also be able to achieve local elevation of privilege.
The good news is that, despite being vulnerable for over a decade, there is currently no proof that the defective drivers have been actively exploited.
Dell was notified about the issue in December 2020, and the company collaborated with Microsoft to develop a new driver for Windows machines.
The company has since published an article addressing the vulnerabilities and offered a two-step remediation plan to help users with susceptible machines fix the issue.
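To find which machines still carry the driver, the following host triage script is an added example, not code from Dell or SentinelLabs. Only the file name dbutil_2_3.sys comes from the article; the default search root and the shape of the report are assumptions.

```powershell
# Added example: report copies of the vulnerable driver on disk and any
# kernel-driver service still pointing at it. Read-only; removes nothing.
param(
    # Assumption: search the whole system drive; pass narrower roots to speed this up.
    [string[]]$SearchRoot = @("$env:SystemDrive\"),
    [string]$DriverName = 'dbutil_2_3.sys'
)

# 1. Copies on disk, with hash and Authenticode status for later comparison.
$files = @(
    Get-ChildItem -Path $SearchRoot -Filter $DriverName -File -Recurse -Force `
        -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Path        = $_.FullName
            SHA256      = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            Signer      = $sig.SignerCertificate.Subject
            SigStatus   = $sig.Status
            ModifiedUtc = $_.LastWriteTimeUtc
        }
    }
)

# 2. Driver services whose image path ends in the driver name. State 'Running'
#    means the driver is loaded and its device is reachable right now.
$services = @(
    Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$DriverName" } |
    Select-Object Name, State, StartMode, PathName
)

# 3. One summary object per host, suitable for Export-Csv or ConvertTo-Json.
[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    FilesFound    = $files.Count
    ServicesFound = $services.Count
    Loaded        = [bool]($services | Where-Object State -eq 'Running')
    Files         = $files
    Services      = $services
}
```

Run it from an elevated prompt so the recursive search is not cut short by access-denied directories; a host reporting `FilesFound` or `ServicesFound` above zero still needs Dell's remediation steps.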