Millions of Dell PCs could be at risk from driver security flaw dating from 2009

Dell has released a patch addressing multiple vulnerabilities in its DBUtil BIOS driver after a security researcher found that the driver in question could be abused by an attacker to gain increased system privileges.

The vulnerable driver was first discovered by security researcher Kasif Dekel of SentinelLabs, whose team informed Dell of the issue in December 2020.

According to SentinelLabs, the driver has been vulnerable since 2009, though there is no evidence at this time that its flaws have been exploited in the wild.

The DBUtil BIOS driver comes pre-installed on many Dell laptops and desktops running Windows and is responsible for Dell Firmware Updates via the Dell BIOS Utility. It is estimated that hundreds of millions of devices from the company received the vulnerable driver through BIOS updates.

Five separate flaws

After examining the DBUtil driver more closely, Dekel discovered a collection of five flaws, currently tracked together as CVE-2021-21551 by Dell, that can be exploited to “escalate privileges from a non-administrator user to kernel mode privileges”.

Of the five separate flaws found in Dell's driver, two are memory corruption issues, two are security failures caused by a lack of input validation, and one is a logic issue that could potentially be exploited to trigger a denial of service. In addition to discovering these flaws, Dekel has also created Proof-of-Concept (PoC) code, which he plans to release on June 1 in order to give Dell users time to apply the company's patch.

In a new blog post, Dekel explained SentinelLabs' decision to release its research publicly, saying:

“While we haven’t seen any indicators that these vulnerabilities have been exploited in the wild up till now, with hundreds of millions of enterprises and users currently vulnerable, it is inevitable that attackers will seek out those that do not take the appropriate action. Our reason for publishing this research is to not only help our customers but also the community to understand the risk and to take action.”

Dell users should check out the company's new advisory and FAQ document which contain remediation steps for these flaws. As Dekel mentioned, users should install Dell's updated DBUtil driver as soon as possible to prevent falling victim to any potential attacks trying to exploit these security flaws.

Via ZDNet

Date

05 May 2021
