Dell Releases Fix for Decades-Old Vulnerability Affecting 100 Million PCs

  • Dell has fixed a vulnerability that loomed in its PCs for 12 years, and which they knew about for two.
  • The problem is a buggy BIOS driver that is present in about 100 million Dell computers.
  • The flaw could potentially open the way to denial of service, privilege escalation, and code execution.

Dell has released a fix for a vulnerability tracked as CVE-2021-21551, and which has a CVSS score of 8.8. The flaw exists in the dbutil_2_3.sys driver, which is typically found in Dell computers that have fetched a firmware, BIOS, or driver update via Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags.

In practice, that would be about 100 million Dell computers that now need to get rid of the bad driver. To do that, you’ll either have to run another firmware update that will fetch Dell’s fixing patch or manually remove the driver by locating and deleting it.

Dell says they’re going to give a third option on May 10, 2021, when they’ll update the Dell notification solution to automatically download and apply the fixing patch. For this, though, you’ll need to ensure that the particular utility is configured to automatically download and apply updates. If you want to take care of the issue right now, just navigate to “C:\Users\\AppData\Local\Temp” and also “C:\Windows\Temp” and manually delete the “dbutil_2_3.sys” driver file.

The driver contains an insufficient access control vulnerability which could potentially lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required for the exploit to work, making it somewhat less critical – although still very important.

SentinelLabs, who discovered the flaw and reported it to Dell back in December 2020, says there are no indications that it is being exploited in the wild. However, now that the vulnerability has been published, crooks are expected to focus their efforts on scanning for unpatched systems. As the security firm explains, an attacker who has access to an organization’s network could execute code on unpatched Dell computers while bypassing security products, gain local elevation of privilege, and eventually pivot to the broader network.

Interestingly, the first vulnerable version of the DBUtil driver was released back in 2009, so CVE-2021-21551 remained undiscovered for 11 years and unpatched for 12. Even when the problem was reported to Dell, the computer maker initially thought of omitting the fixing effort since most of the affected products had reached EOL.

Eventually, Dell released a fix as the number of vulnerable systems was just too high to ignore the problem, and the negative publicity in the case of unpatched disclosure by SentinelLabs would be catastrophic. Dell workstations are found in a wide range of corporate environments, so updating them immediately should be non-negotiable.

REVIEW OVERVIEW

Latest

Dell Fixes Multiple BIOS Vulnerabilities Affecting Millions of Its Computers

Tens of millions of Dell computers are vulnerable to arbitrary remote code execution flaws.The problem lies in BIOS components that come as...

Former Executives of French Spyware Firms ‘Nexa’ and ‘Amesys’ Indicted for Aiding Torture

Four former executives of two French spyware firms have been indicted in Paris for aiding torture in Africa.These people were determined to...

How to Watch Wimbledon 2021 Online Without Cable: Live Stream Championships Anywhere

One of the most iconic tennis tournaments is almost upon us as the 2021 Wimbledon Championships take the stage. Tennis fans will...