Dell has released a patch that fixes several vulnerabilities in its DBUtil BIOS driver after a security researcher discovered that an attacker could have misused that driver to obtain increased system privileges.
The vulnerable driver was first discovered by security researcher Kasif Dekel of SentinelLabs, and the team reported its findings to the PC giant as early as December last year. According to the U.S. cybersecurity company, the driver has been vulnerable since 2009, although there is currently no evidence that its flaws have been exploited in the wild.
The DBUtil BIOS driver is preinstalled on many Dell laptops and desktops running Windows and is responsible for Dell firmware updates through the Dell BIOS Utility. It is estimated that hundreds of millions of enterprise devices received the vulnerable driver through BIOS updates.
Five distinct flaws
After a closer look at the DBUtil driver, Dekel found a collection of five bugs that are currently tracked, with the help of Dell, as CVE-2021-21551 and that can be exploited to “extend the rights of non-administrator users to kernel mode rights.”
Of the five separate flaws found in the Dell driver, two are memory corruption issues, two are security flaws caused by a lack of input validation, and one is a logic issue that could potentially be exploited to cause a denial of service. In addition to finding these flaws, Dekel has also created proof-of-concept (PoC) code, which he plans to release on June 1 to give Dell users time to apply the company’s patch.
In a new blog post, Dekel explained SentinelLabs’ decision to make the research public, saying:
“While we have so far seen no indication that these vulnerabilities have been exploited in the wild, the vulnerability of hundreds of millions of companies and users is currently inevitable, the attackers are looking for those who do not take appropriate action. The reason for publishing the study is not only to help our customers understand the risk and take action.”
Dell users should check the company’s new advisory and FAQ document, which contain remedies for these flaws. As Dekel mentioned, users should install Dell’s updated DBUtil driver as soon as possible to avoid falling victim to a potential attack that attempts to exploit these vulnerabilities.