Millions of Dell PCs could be at risk from driver security flaw dating from 2009

Dell has released a patch addressing multiple vulnerabilities in its DBUtil BIOS driver after a security researcher found that the driver in question could be abused by an attacker to gain increased system privileges.

The vulnerable driver was first discovered by security research Kasif Dekel from SentinelLabs, with the team informing Dell of the issue in December 2020.

According to the SentinelLabs, the driver has been vulnerable since 2009 though there is no evidence at this time that its flaws have been exploited in the wild.

• We've built a list of the best endpoint protection software available
• Keep your devices virus free with the best malware removal software
• Also check out our roundup of the best firewall

The DBUtil BIOS driver comes pre-installed on many Dell laptops and desktops running Windows and is responsible for Dell Firmware Updates via the Dell BIOS Utility. It is estimated that hundreds of millions of devices from the company received the vulnerable driver through BIOS updates.

Five separate flaws

After examining the DBUtil driver more closely, Dekel discovered a collection of five flaws, currently tracked as CVE-2021-21551 by Dell, that can be exploited to “escalate privileges from a non-administrator users to kernel mode privileges”.

Of the five separate flaws found in Dell's driver, two are memory corruption issues, two are security failures caused by a lack of input validation and one is a logic issue that could potentially be exploited to trigger denial-of-service. In addition to discovering these flaws, Dekel has also created Proof-of-Concept (PoC) code which he plans to release on June 1 in order to give Dell users time to apply the company's patch.

In a new blog post, Dekel explained SentinelLab's decision to release its research publicly, saying:

“While we haven’t seen any indicators that these vulnerabilities have been exploited in the wild up till now, with hundreds of million of enterprises and users currently vulnerable, it is inevitable that attackers will seek out those that do not take the appropriate action. Our reason for publishing this research is to not only help our customers but also the community to understand the risk and to take action.”

Dell users should check out the company's new advisory and FAQ document which contain remediation steps for these flaws. As Dekel mentioned, users should install Dell's updated DBUtil driver as soon as possible to prevent falling victim to any potential attacks trying to exploit these security flaws.

• We've also highlighted the best antivirus

Via ZDNet