Dell has released a patch for hundreds of millions of its Windows PCs to fix multiple vulnerabilities in the company’s DBUtil BIOS driver. The high-severity flaws, found in Dell’s firmware update driver, could be abused by an attacker to gain elevated system privileges. The security flaw has existed since 2009 and affects all Dell desktops, laptops, notebooks, and tablets running Windows.
First discovered by SentinelLabs, the multiple local privilege-escalation (LPE) bugs exist in the company’s dbutil_2_3.sys driver and allow an attacker to gain elevated system privileges. This BIOS driver comes pre-installed on most Dell desktops and laptops running Windows, and it has been vulnerable since 2009. However, SentinelLabs points out that there is currently no evidence that these flaws have been exploited in the wild. Specifically, there are a total of five high-severity vulnerabilities in the firmware update driver that could allow attackers to escalate from non-administrator user privileges to kernel-mode privileges.
To address the issue, Dell has grouped these vulnerabilities under the single identifier CVE-2021-21551 with a CVSS score of 8.8. Here are the five flaws in Dell’s firmware update driver:
- CVE-2021-21551: Local Elevation Of Privileges #1 – Memory corruption
- CVE-2021-21551: Local Elevation Of Privileges #2 – Memory corruption
- CVE-2021-21551: Local Elevation Of Privileges #3 – Lack of input validation
- CVE-2021-21551: Local Elevation Of Privileges #4 – Lack of input validation
- CVE-2021-21551: Denial Of Service – Code logic issue
Security researcher Kasif Dekel of SentinelLabs, who discovered the vulnerabilities in Dell’s software, noted in a blog post that these flaws can be abused in many ways, such as bypassing security products. However, it’s worth noting that these vulnerabilities are unlikely to be exploited remotely over the internet, because they are local privilege-elevation bugs: the attacker must already have access to a non-administrator account on a vulnerable Dell machine to carry out an attack.
Dell Releases a Security Advisory and a Patch
According to SentinelLabs, the research team reported these vulnerabilities to Dell on December 1, 2020. The PC maker has now released a Security Advisory (DSA-2021-088) for this vulnerability and has also published an FAQ on the issue. All Dell users are advised to install Dell’s updated DBUtil driver as soon as possible. SentinelLabs likewise recommends that users apply the latest patch to safeguard themselves against any potential attacks.
Additionally, if you’re a Dell user and want to know whether your machine is affected by the vulnerable dbutil_2_3.sys file, you can follow the company’s guide addressing the vulnerability here.
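As an added triage check that is not part of this article or of Dell’s own guidance, the PowerShell script below looks for the dbutil_2_3.sys file named above on a Windows host, reports any kernel driver registered under a dbutil-style name, and prints the SHA-256 of each file found so it can be compared against the hashes in Dell’s FAQ. The file name comes from the article; the search locations (the system temp folder and each user profile’s local temp folder) and the driver-name pattern are assumptions, not something the article states.

```powershell
# Added example (not from the article or from Dell): triage a Windows host for the
# vulnerable Dell DBUtil driver. Run from an elevated PowerShell prompt so that every
# user profile and the service list are readable.
# ASSUMPTIONS: the search roots and the 'dbutil*' service-name pattern are assumed;
# only the file name dbutil_2_3.sys is taken from the article.

$DriverName = 'dbutil_2_3.sys'

# Candidate drop locations for the firmware update utility's driver (assumed).
$SearchRoots = @("$env:windir\Temp") +
    (Get-ChildItem -LiteralPath 'C:\Users' -Directory -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' })

function Find-DbutilFiles {
    param([string[]]$Roots, [string]$Name)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Filter $Name -File -Recurse -Force `
            -ErrorAction SilentlyContinue
    }
}

function Get-DbutilDriverState {
    # Report any kernel driver whose service name or image path points at DBUtil.
    Get-CimInstance -ClassName Win32_SystemDriver -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like 'dbutil*' -or $_.PathName -like "*$DriverName*" } |
        Select-Object Name, State, StartMode, PathName
}

$files   = @(Find-DbutilFiles -Roots $SearchRoots -Name $DriverName)
$drivers = @(Get-DbutilDriverState)

if ($files.Count -eq 0 -and $drivers.Count -eq 0) {
    Write-Output "No $DriverName found in the searched locations and no matching kernel driver registered."
} else {
    foreach ($f in $files) {
        # Hash is printed for comparison with the values Dell publishes; none are hard-coded here.
        $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        Write-Output ("FOUND FILE: {0}  size={1}  sha256={2}  lastwrite={3}" -f `
            $f.FullName, $f.Length, $hash, $f.LastWriteTime)
    }
    foreach ($d in $drivers) {
        Write-Output ("DRIVER: {0}  state={1}  start={2}  path={3}" -f `
            $d.Name, $d.State, $d.StartMode, $d.PathName)
    }
    Write-Output "Review these findings against Dell advisory DSA-2021-088 and install the updated DBUtil driver."
}
```

A file on disk in a temp folder is not by itself proof that the driver is loaded, which is why the script also queries Win32_SystemDriver; conversely, a registered driver entry with no file present still warrants a look at the machine’s update history. In a fleet, the same two checks can be collected centrally (for example through a scheduled script or an endpoint-management query) to find hosts that still need the updated driver.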