Dell BIOS Driver Software Receives Patch To Fix Critical Security Issues

Researchers from SentinelLabs discovered five critical vulnerabilities (tracked collectively as CVE-2021-21551) in a driver installed on Dell devices. Millions of Dell computers are at risk because of flaws in the dbutil_2_3.sys driver, which Dell's update software uses to update firmware and the BIOS and which comes pre-installed on many Dell devices.

⚡ TL;DR | Go Straight to the Dell BIOS Driver vulnerability Audit Report.

CVE-2021-21551

Currently, Dell's Security Advisory advises the following regarding the security issues:

"Immediately remove the vulnerable dbutil_2_3.sys driver from the affected system using one of the following options from Step 1 below: download and run a utility to remove the driver from the system (Option 1), manually remove the driver from the system (Option 2), or on or after May 10, 2021, utilize one of the Dell notification solutions to run the utility (Option 3)"

The driver file can be found in either of the following directories:

  • C:\Users\<username>\AppData\Local\Temp
  • C:\Windows\Temp

This CVE covers 5 separate high-severity vulnerabilities in the firmware update driver:

CVE Code         Description
CVE-2021-21551   Memory corruption - Elevation of Privileges
CVE-2021-21551   Memory corruption - Local Elevation of Privileges
CVE-2021-21551   Lack of input validation - Local Elevation of Privileges
CVE-2021-21551   Lack of input validation - Local Elevation of Privileges
CVE-2021-21551   Code logic issue - Denial of Service

Dell BIOS Driver Vulnerability CVE Codes

The most obvious consequence of these flaws is that they can be used to bypass security products, but more dangerous still is that they could allow any user to escalate their privileges and run code in kernel mode.

If an attacker has access to a company's network, they might also be able to execute malicious code on unpatched Dell systems, which could give them local elevation of privilege.

Solution

To help with identifying which of your assets might be vulnerable, we have created a report that lists all Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags installations.

If you're looking for even more help and aren't afraid of some DIY work, you can also set up a file property scan for one of the two file locations, such as C:\Windows\Temp\dbutil_2_3.sys.

Additionally, Reddit has been hard at work with creative solutions to run Dell's driver deletion utility, including ways to log the results.

If you do end up logging when the driver is deleted, you can use file property scanning again to detect whether the log file has been created or not and use the file property report to give you an overview of which machines you've already "fixed".
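As an added example (this is not Lansweeper's report and not Dell's removal utility), the following PowerShell script performs the checks described above on a single machine: it looks for dbutil_2_3.sys in C:\Windows\Temp and in every user's AppData\Local\Temp, records size, last-write time, SHA-256 and Authenticode signer for any copy it finds, and reports whether a remediation log exists so you can tell already-fixed machines apart. The log path in $RemediationLog is a placeholder assumption; set it to wherever your own wrapper around Dell's removal utility writes its log.

```powershell
# Added example, not Dell's or Lansweeper's code: report whether the vulnerable
# dbutil_2_3.sys driver is still present in the locations named in the advisory,
# and whether a remediation log (placeholder path) has been written on this host.
$DriverName = 'dbutil_2_3.sys'

# Assumption: the script that runs Dell's removal utility writes a log here.
# Placeholder path; change it to match your own setup.
$RemediationLog = 'C:\ProgramData\DbutilRemoval\removed.log'

function Get-DbutilCandidatePaths {
    # The driver is dropped into C:\Windows\Temp or a user's AppData\Local\Temp,
    # so build one candidate path per location and per user profile.
    $paths = @((Join-Path $env:SystemRoot "Temp\$DriverName"))
    $profiles = Get-ChildItem -Path (Join-Path $env:SystemDrive 'Users') -Directory -ErrorAction SilentlyContinue
    foreach ($profile in $profiles) {
        $paths += Join-Path $profile.FullName "AppData\Local\Temp\$DriverName"
    }
    return $paths
}

function Get-DbutilStatus {
    $found = New-Object System.Collections.Generic.List[object]
    foreach ($p in Get-DbutilCandidatePaths) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { continue }
        $item = Get-Item -LiteralPath $p
        $sig  = Get-AuthenticodeSignature -FilePath $p
        $found.Add([pscustomobject]@{
            Path          = $p
            SizeBytes     = $item.Length
            LastWriteTime = $item.LastWriteTime
            SHA256        = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
            Signer        = $sig.SignerCertificate.Subject
            SignatureOK   = ($sig.Status -eq 'Valid')
        })
    }
    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        DriverPresent  = ($found.Count -gt 0)
        DriverFiles    = $found.ToArray()
        # True once the wrapper around Dell's utility has logged a removal.
        RemediationRun = (Test-Path -LiteralPath $RemediationLog -PathType Leaf)
    }
}

$status = Get-DbutilStatus
$status | Select-Object ComputerName, DriverPresent, RemediationRun | Format-List
if ($status.DriverPresent) {
    $status.DriverFiles | Format-Table Path, SizeBytes, LastWriteTime, SignatureOK -AutoSize
}

# Non-zero exit code lets a deployment tool flag hosts that still carry the driver.
if ($status.DriverPresent) { exit 1 } else { exit 0 }
```

Run it under an account that can read other users' profile directories (for example as SYSTEM from your deployment tool); otherwise the per-user Temp paths are silently skipped. A present-but-unsigned copy or one whose signer is unexpected is worth a closer look, since a stale copy left in a user's Temp folder can be loaded again until it is removed.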
