This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Can someone post a report on the new Dell dbutil driver vulnerability?

kjstech
Engaged Sweeper III
‎05-05-2021 03:30 PM
I don't know how to make reports but Lansweeper has done a fantastic job posting reports of monthly patch checking, Chrome and Firefox vulnerabilities, the recent NVidia driver vulnerability.

There's a new one I learned about yesterday detailed here:
https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability

Can someone write a report for this? 99% of our fleet are Dell PC's and Dell is a very popular brand, in fact, that's all I see in the healthcare and local hospital. I imagine their market share is big enough to warrant Lansweeper coming out with a report for this.

Thanks!
0 Kudos
3 Comments
notesguru99
Engaged Sweeper III
‎05-18-2021 10:20 AM
‎05-18-2021 10:20 AM
Yep, this would be a very useful report. I found this on the Sophos site - if you are a reporting whizz this may help you create something for Lansweeper...

-- Check if the dbutil_2_3.sys file is present or not
SELECT
CASE WHEN (SELECT 1 FROM file WHERE path
LIKE 'C:\Users\%\AppData\Local\Temp\dbutil_2_3.sys' OR path
LIKE 'C:\Windows\Temp\dbutil_2_3.sys') = 1
THEN 'SYSTEM REQUIRES ATTENTION: File for CVE-2021-21551 (dbutil_2.3.sys) located in directory '||
(SELECT directory FROM file WHERE path
LIKE 'C:\Users\%\AppData\Local\Temp\dbutil_2_3.sys' OR path
LIKE 'C:\Windows\Temp\dbutil_2_3.sys')
ELSE 'File for CVE-2021-21551 (dbutil_2_3.sys) not found'
END Status
0 Kudos
bprobst
Engaged Sweeper
‎05-19-2021 05:49 PM
‎05-19-2021 05:49 PM
This was announced on the Lansweeper blog the same day as your original post:
https://www.lansweeper.com/vulnerability/dell-bios-driver-software-receives-patch-to-fix-critical-security-issues-cve-2021-21551/

Or to see the report directly:
https://www.lansweeper.com/report/dell-update-software-audit/

Dell Update Software Query
Select Distinct Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tsysAssetTypes.AssetTypename As AssetType,
tblAssets.Username,
tblAssets.Userdomain,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblSoftwareUni.softwareName As Software,
tblSoftware.softwareVersion As Version,
tblSoftwareUni.SoftwarePublisher As Publisher,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
tblAssets.Lastseen,
tblAssets.Lasttried,
tblSoftware.Lastchanged As SoftwareLastChanged
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where (tblSoftwareUni.softwareName Like '%SupportAssist%' or tblSoftwareUni.softwareName Like '%Command%' 
Or tblSoftwareUni.softwareName Like '%System Inventory Agent%' Or tblSoftwareUni.softwareName Like '%Update%' 
Or tblSoftwareUni.softwareName Like '%Platform Tags%') and tblSoftwareUni.SoftwarePublisher LIKE '%Dell%' And tblState.Statename =
'Active'
Order By tblAssets.IPAddress Desc
0 Kudos
Esben_D
Lansweeper Employee
Lansweeper Employee
‎05-20-2021 05:50 PM
‎05-20-2021 05:50 PM
notesguru99 wrote:
Yep, this would be a very useful report. I found this on the Sophos site - if you are a reporting whizz this may help you create something for Lansweeper...

-- Check if the dbutil_2_3.sys file is present or not
SELECT
CASE WHEN (SELECT 1 FROM file WHERE path
LIKE 'C:\Users\%\AppData\Local\Temp\dbutil_2_3.sys' OR path
LIKE 'C:\Windows\Temp\dbutil_2_3.sys') = 1
THEN 'SYSTEM REQUIRES ATTENTION: File for CVE-2021-21551 (dbutil_2.3.sys) located in directory '||
(SELECT directory FROM file WHERE path
LIKE 'C:\Users\%\AppData\Local\Temp\dbutil_2_3.sys' OR path
LIKE 'C:\Windows\Temp\dbutil_2_3.sys')
ELSE 'File for CVE-2021-21551 (dbutil_2_3.sys) not found'
END Status


The problem with this one is that Lansweeper File property scanning cannot use wildcards, and the file can be in the User folder (so you really do need a wildcard)

I did create a script that you might be able to use in combination with file scanning to detect where the file was found: https://www.reddit.com/r/sysadmin/comments/n4qzz5/dell_patches_12yearold_driver_vulnerability/gx1g7ic?utm_source=share&utm_medium=web2x&context=3

But Ben did find what you are probably looking for:

Ben P wrote:
This was announced on the Lansweeper blog the same day as your original post:
https://www.lansweeper.com/vulnerability/dell-bios-driver-software-receives-patch-to-fix-critical-security-issues-cve-2021-21551/


0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now
Popular Articles