Notification

Icon
Error

Dell Client Vulnerability DSA-2021-088

Posted: Wednesday, May 5, 2021 7:22:25 PM(UTC)
ucorreia

ucorreia

Member Original PosterPosts: 2
0
Like
This issue has been solved! Click here to view the solution
Any way to query affected computer by the new DELL Vulnerability?

https://www.dell.com/sup...ss-control-vulnerability
kjstech
#1kjstech Member Posts: 14  
posted: 5/5/2021 7:39:25 PM(UTC)
Originally Posted by: ucorreia Go to Quoted Post
Any way to query affected computer by the new DELL Vulnerability?

https://www.dell.com/sup...ss-control-vulnerability


We setup a custom file scan in Lansweeper to at least give an overview of which systems have the file on it...
%windir%\Temp\dbutil_2_3.sys

Dell claims it may also be in %userprofile%\AppData\Local\Temp\dbutil_2_3.sys as well but I have yet to see it there. Its always in Windows\temp in our environment.

Then from there you can extract the dell files to an accessable share and run psexec against a list of computers \\domain\dfs\share\DBUtilRemovalTool.exe /s for example.
looktall
#2looktall Member Posts: 18  
posted: 10/6/2021 9:02:29 AM(UTC)
Originally Posted by: kjstech Go to Quoted Post
Originally Posted by: ucorreia Go to Quoted Post
Any way to query affected computer by the new DELL Vulnerability?

https://www.dell.com/sup...ss-control-vulnerability


We setup a custom file scan in Lansweeper to at least give an overview of which systems have the file on it...
%windir%\Temp\dbutil_2_3.sys

Dell claims it may also be in %userprofile%\AppData\Local\Temp\dbutil_2_3.sys as well but I have yet to see it there. Its always in Windows\temp in our environment.

Then from there you can extract the dell files to an accessable share and run psexec against a list of computers \\domain\dfs\share\DBUtilRemovalTool.exe /s for example.


That's similar to what i did.

I configured a custom file scan for the dbutil sys file.

Then i created a report based on the custom file scan to locate the affected devices.

Then I then created a deployment for the DBUtilremoval tool.
Step 1 of the deployment checks for a log file, step two runs the removal tool and creates a log file on the local machine once complete.

I then created a scheduled deployment to target devices in the report as they are scanned.

The end result is any computer that has the vulnerability automatically has it removed (provided it stays online long enough to be scanned and then have the deployment tool run).


Ultimately though the fix is to update the bios.

Active Discussions

Lansweeper Exclude non-windows assets from scanning by assetname
by  rapheren   Go to last post Go to first unread
Last post: Today at 1:18:12 PM(UTC)
Lansweeper HTTPS Certifikate untrusted
by  pskup  
Go to last post Go to first unread
Last post: Today at 9:20:07 AM(UTC)
Lansweeper Migrate to new host but without SQL
by  pskup   Go to last post Go to first unread
Last post: Today at 9:03:14 AM(UTC)
Lansweeper Object reference error after updating to 10.2.0.0
by  Erik.T  
Go to last post Go to first unread
Last post: Today at 8:10:25 AM(UTC)
Lansweeper Detect Docking Stations
by  CyberCitizen   Go to last post Go to first unread
Last post: Today at 12:59:42 AM(UTC)
Lansweeper Custom reporting - Asset Groups and AD Description
by  rbshawn  
Go to last post Go to first unread
Last post: Yesterday at 10:54:10 PM(UTC)
Lansweeper A FIX for an odd Scan Error WMI/DCOM from scanning server
by  danielm   Go to last post Go to first unread
Last post: Yesterday at 10:14:44 PM(UTC)
Lansweeper Purging helpdesk tickets older than 5 years
by  SentryP  
Go to last post Go to first unread
Last post: Yesterday at 6:13:37 PM(UTC)