CATEGORIES
home News

Hundreds Of Millions Of Dell PCs Dating Back To 2009 Need This Security Patch ASAP

by Brandon HillWednesday, May 05, 2021, 02:44 AM EDT
XPS 13 black
Dell is one of the most popular PC brands globally, selling millions of laptops, desktops, and server systems to everyday consumers and businesses alike each year. However, SentinelLabs researchers warned this week that five critical security flaws have been lurking in its firmware update driver since the early days of President Obama's first term.

Attackers could have potentially exploited these flaws to conduct escalation of privilege attacks for kernel-level access on hundreds of millions of Dell and Alienware PCs. Multiple vulnerabilities were traced to Dell's firmware update driver version 2.3 (dbutil_2_3.sys) module. This module is responsible for Dell firmware updates using the Dell BIOS utility and comes preinstalled in nearly every Dell PC system since 2009.

The collective vulnerabilities are tracked as CVE-2021-21551 and have a CVSS score of 8.8 out of 10 for severity.  Four of the five relate to local elevation of privileges (two for memory corruption, two for lack of input validation), while the last is a denial of service vulnerability (code logic issue).

"While we haven't seen any indicators that these vulnerabilities have been exploited in the wild up till now, with hundreds of millions of enterprises and users currently vulnerable, it is inevitable that attackers will seek out those that do not take the appropriate action," said Kasif Dekel of SentinelLabs.

For now, Dell has released guidance for customers on the dbutil_2_3.sys driver via its DSA-2021-088 Knowledge Base Article. The company recommends that you remove the driver manually using the steps outlined in the article or download the Dell Security Advisory Update – DSA-2021-088 utility. Dell recommends the latter solution to tackle the security issue while preserving the software utility meant to keep your system up-to-date.

Interestingly enough, although Dell was first alerted to the exploitive driver back in December 2020, it has yet to revoke its certificate. This means that Dell and Alienware users that do not take the precautions mentioned above are still at risk, with Dekel adding, "This is not considered best practice since the vulnerable driver can still be used in a BYOVD attack."

Tags:  Dell, security, Alienware, vulnerability, (nyse:dell)
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment