Dell, well known for its proprietary solutions, has had one software component come back to bite it. CVE-2021-21551 is a vulnerability in Dell’s dbutil_2_3.sys driver.
- SentinelLabs has discovered five high severity flaws in Dell’s firmware update driver impacting Dell desktops, laptops, notebooks and tablets.
- Attackers may exploit these vulnerabilities to locally escalate to kernel-mode privileges.
- Since 2009, Dell has released hundreds of millions of Windows devices worldwide which contain the vulnerable driver.
- SentinelLabs findings were proactively reported to Dell on Dec 1, 2020 and are tracked as CVE-2021-21551, marked with CVSS Score 8.8.
- Dell has released a security update to its customers to address this vulnerability.
- At this time, SentinelOne has not discovered evidence of in-the-wild abuse.
Because of problems with proprietary software, Microsoft introduced the Signature Edition for Windows, which signified that the operating system was clean. The old HP Stream 7 was provisioned as such.
The American NIST said the Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required. NIST maintains a database of security threats, which rates their severity.
The vulnerable driver, dbutil_2_3.sys, will only be present on Windows systems that have used Dell update utilities to install BIOS, drivers and firmware, including:
- Alienware Update
- Dell Command | Update
- Dell Platform Tags
- Dell SupportAssist
- Dell System Inventory Agent
- Dell Update
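Because the driver is only present where one of these utilities has run, an inventory check for the file is a practical first step. The following is an added example, not code from the original page, Dell or SentinelLabs: it searches caller-supplied directories for `dbutil_2_3.sys` and records a SHA-256 for triage. The function names are hypothetical, and the scan roots are left to the caller because the page does not say where the file is dropped.

```python
import hashlib
import os
import sys

DRIVER_NAME = "dbutil_2_3.sys"  # file name taken from the page


def sha256_of(path, chunk=1 << 20):
    """Hash the file in chunks so it is never loaded into memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_driver(roots, name=DRIVER_NAME):
    """Return (findings, unreadable_dirs) for every copy of `name` under `roots`.

    Matching is case-insensitive because Windows file names are, and the
    scan may run against a mounted disk image on a case-sensitive host.
    """
    findings, unreadable = [], []
    wanted = name.lower()
    for root in roots:
        # Record directories that could not be listed instead of hiding them,
        # so a clean result is not mistaken for a complete one.
        walker = os.walk(root, onerror=lambda e: unreadable.append(e.filename))
        for dirpath, _dirs, files in walker:
            for fname in files:
                if fname.lower() != wanted:
                    continue
                full = os.path.join(dirpath, fname)
                try:
                    size = os.stat(full).st_size
                    findings.append({"path": full, "size": size,
                                     "sha256": sha256_of(full)})
                except OSError as exc:
                    findings.append({"path": full, "error": str(exc)})
    return findings, unreadable


if __name__ == "__main__":
    # Scan roots are an assumption supplied on the command line.
    hits, skipped = find_driver(sys.argv[1:] or [os.getcwd()])
    for hit in hits:
        print(hit)
    for path in skipped:
        print("could not read:", path, file=sys.stderr)
    sys.exit(1 if hits else 0)
```

The script exits non-zero when a copy is found, so it can drive a compliance check; a hit shows the file is on disk, not that the driver is currently loaded.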
Notably, the researchers who originally discovered these flaws are delaying the release of a privilege escalation proof-of-concept (PoC) until 1 June 2021 to allow time for patching. Once released, however, the PoC could see exploitation by lower-sophistication threat actors.