Can someone post a report on the new Dell dbutil driver vulnerability?

Posted: Wednesday, May 5, 2021 2:30:06 PM(UTC)
kjstech Member Original Poster Posts: 14
I don't know how to make reports, but Lansweeper has done a fantastic job posting reports of monthly patch checking, Chrome and Firefox vulnerabilities, and the recent NVIDIA driver vulnerability.

There's a new one I learned about yesterday detailed here:
https://www.dell.com/sup...ss-control-vulnerability

Can someone write a report for this? 99% of our fleet are Dell PCs, and Dell is a very popular brand; in fact, that's all I see in healthcare and the local hospital. I imagine their market share is big enough to warrant Lansweeper coming out with a report for this.

Thanks!
#1 notesguru99 Member Alpha Tester Posts: 21
posted: 5/18/2021 9:20:15 AM(UTC)
Yep, this would be a very useful report. I found this on the Sophos site - if you are a reporting whizz this may help you create something for Lansweeper...

-- Check if the dbutil_2_3.sys file is present or not
SELECT
  CASE WHEN (SELECT 1 FROM file
             WHERE path LIKE 'C:\Users\%\AppData\Local\Temp\dbutil_2_3.sys'
                OR path LIKE 'C:\Windows\Temp\dbutil_2_3.sys') = 1
    THEN 'SYSTEM REQUIRES ATTENTION: File for CVE-2021-21551 (dbutil_2_3.sys) located in directory ' ||
         (SELECT directory FROM file
          WHERE path LIKE 'C:\Users\%\AppData\Local\Temp\dbutil_2_3.sys'
             OR path LIKE 'C:\Windows\Temp\dbutil_2_3.sys')
    ELSE 'File for CVE-2021-21551 (dbutil_2_3.sys) not found'
  END Status
#2 Ben P Member Posts: 1
posted: 5/19/2021 4:49:34 PM(UTC)
This was announced on the Lansweeper blog the same day as your original post:
https://www.lansweeper.c...y-issues-cve-2021-21551/

Or to see the report directly:
https://www.lansweeper.c...l-update-software-audit/

Dell Update Software Query
Code:
Select Distinct Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tsysAssetTypes.AssetTypename As AssetType,
tblAssets.Username,
tblAssets.Userdomain,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblSoftwareUni.softwareName As Software,
tblSoftware.softwareVersion As Version,
tblSoftwareUni.SoftwarePublisher As Publisher,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
tblAssets.Lastseen,
tblAssets.Lasttried,
tblSoftware.Lastchanged As SoftwareLastChanged
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where (tblSoftwareUni.softwareName Like '%SupportAssist%'
    Or tblSoftwareUni.softwareName Like '%Command%'
    Or tblSoftwareUni.softwareName Like '%System Inventory Agent%'
    Or tblSoftwareUni.softwareName Like '%Update%'
    Or tblSoftwareUni.softwareName Like '%Platform Tags%')
  And tblSoftwareUni.SoftwarePublisher Like '%Dell%'
  And tblState.Statename = 'Active'
Order By tblAssets.IPAddress Desc
#3 Esben.D Member Administration Posts: 2,041
posted: 5/20/2021 4:50:06 PM(UTC)
Originally Posted by: notesguru99
Yep, this would be a very useful report. I found this on the Sophos site - if you are a reporting whizz this may help you create something for Lansweeper...

-- Check if the dbutil_2_3.sys file is present or not
SELECT
  CASE WHEN (SELECT 1 FROM file
             WHERE path LIKE 'C:\Users\%\AppData\Local\Temp\dbutil_2_3.sys'
                OR path LIKE 'C:\Windows\Temp\dbutil_2_3.sys') = 1
    THEN 'SYSTEM REQUIRES ATTENTION: File for CVE-2021-21551 (dbutil_2_3.sys) located in directory ' ||
         (SELECT directory FROM file
          WHERE path LIKE 'C:\Users\%\AppData\Local\Temp\dbutil_2_3.sys'
             OR path LIKE 'C:\Windows\Temp\dbutil_2_3.sys')
    ELSE 'File for CVE-2021-21551 (dbutil_2_3.sys) not found'
  END Status


The problem with this one is that Lansweeper File property scanning cannot use wildcards, and the file can be in the User folder (so you really do need a wildcard).

I did create a script that you might be able to use in combination with file scanning to detect where the file was found: https://www.reddit.com/r...dium=web2x&context=3

But Ben did find what you are probably looking for:

Originally Posted by: Ben P
This was announced on the Lansweeper blog the same day as your original post:
https://www.lansweeper.c...y-issues-cve-2021-21551/
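
The wildcard limitation raised in reply #3 can be worked around by resolving the per-user Temp paths on the endpoint and recording the outcome at one fixed path. The PowerShell below is an added example, not the script linked in that reply and not Lansweeper or Dell code; the output location `dbutil-check\result.csv` under ProgramData is a hypothetical name chosen for illustration. It assumes an elevated or SYSTEM context so that other users' profiles are readable.

```powershell
# Added example: find dbutil_2_3.sys (CVE-2021-21551) in C:\Windows\Temp and in
# every user profile's AppData\Local\Temp, then write the result to a fixed path.
$DriverName = 'dbutil_2_3.sys'
# Hypothetical fixed output file, so a check that cannot use wildcards can read it.
$ResultFile = Join-Path $env:ProgramData 'dbutil-check\result.csv'

# Take profile roots from the registry so relocated or renamed profiles are covered.
$profileKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$searchDirs = @(Join-Path $env:windir 'Temp')
$searchDirs += Get-ChildItem $profileKey | ForEach-Object {
    $root = (Get-ItemProperty -Path $_.PSPath -Name ProfileImagePath `
             -ErrorAction SilentlyContinue).ProfileImagePath
    if ($root) {
        Join-Path ([Environment]::ExpandEnvironmentVariables($root)) 'AppData\Local\Temp'
    }
}

$found = foreach ($dir in ($searchDirs | Sort-Object -Unique)) {
    $candidate = Join-Path $dir $DriverName
    if (Test-Path -LiteralPath $candidate -PathType Leaf) {
        $item = Get-Item -LiteralPath $candidate -Force
        [pscustomobject]@{
            Computer  = $env:COMPUTERNAME
            Path      = $item.FullName
            Sha256    = (Get-FileHash -LiteralPath $candidate -Algorithm SHA256).Hash
            Version   = $item.VersionInfo.FileVersion
            LastWrite = $item.LastWriteTimeUtc.ToString('o')
        }
    }
}

New-Item -ItemType Directory -Path (Split-Path $ResultFile) -Force | Out-Null
if ($found) {
    # One CSV row per copy found, with hash and version for later triage.
    $found | Export-Csv -LiteralPath $ResultFile -NoTypeInformation -Encoding UTF8
    exit 1   # non-zero exit: at least one copy of the driver file is present
} else {
    "Computer,Path`n$env:COMPUTERNAME,NOT_FOUND" |
        Set-Content -LiteralPath $ResultFile -Encoding UTF8
    exit 0   # zero exit: file not present in any searched directory
}
```

The exit code lets a deployment or scheduled task flag affected machines, while the CSV at the fixed path holds the exact location of each copy.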

