DELL CVE-2021-21551

Dell, well known for its proprietary solutions, has had one software component come back to bite it. CVE-2021-21551 is a vulnerability in Dell’s dbutil_2_3.sys driver.

  • SentinelLabs has discovered five high severity flaws in Dell’s firmware update driver impacting Dell desktops, laptops, notebooks and tablets.
  • Attackers may exploit these vulnerabilities to locally escalate to kernel-mode privileges.
  • Since 2009, Dell has released hundreds of millions of Windows devices worldwide which contain the vulnerable driver.
  • SentinelLabs findings were proactively reported to Dell on Dec 1, 2020 and are tracked as CVE-2021-21551, marked with CVSS Score 8.8.
  • Dell has released a security update to its customers to address this vulnerability.
  • At this time, SentinelOne has not discovered evidence of in-the-wild abuse.

Because of problems with proprietary software, Microsoft introduced the Signature Edition for Windows, which signified that the operating system was clean. The old HP Stream 7 was provisioned as such.

The American NIST said the Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability, which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required. NIST maintains a database of security threats that rates their severity.

The vulnerable driver, dbutil_2_3.sys, will only be present on Windows systems that have used Dell update utilities to install BIOS, drivers and firmware, including:

  • Alienware Update
  • Dell Command | Update
  • Dell Platform Tags
  • Dell SupportAssist
  • Dell System Inventory Agent
  • Dell Update
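
As an added example (not from the original post, Dell or SentinelLabs), the PowerShell below checks a host for copies of dbutil_2_3.sys and for a kernel driver service whose image path points at it. The default search roots are assumptions; adjust them for your environment.

```powershell
# Added example: triage a Windows host for the dbutil_2_3.sys driver.
# The default search roots are assumptions, not paths taken from the article.
param(
    [string[]]$SearchRoots = @(
        "$env:SystemRoot\Temp",
        "$env:SystemRoot\System32\drivers",
        "$env:SystemDrive\Users"
    )
)

$DriverName = 'dbutil_2_3.sys'   # file name given in the article

# 1. Copies of the driver on disk. Hash and signer are recorded so each copy
#    can be compared against the vendor's advisory and remediated build.
$files = foreach ($root in $SearchRoots) {
    if (Test-Path -LiteralPath $root) {
        Get-ChildItem -LiteralPath $root -Filter $DriverName -File -Recurse -Force -ErrorAction SilentlyContinue
    }
}
$fileReport = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -LiteralPath $f.FullName
    [pscustomobject]@{
        Path      = $f.FullName
        SHA256    = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        Signer    = $sig.SignerCertificate.Subject
        SigStatus = $sig.Status
        Modified  = $f.LastWriteTimeUtc
    }
}

# 2. Kernel driver services that reference the file. A match here means the
#    driver is registered with the service control manager, not just left on disk.
$services = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$DriverName" } |
    Select-Object Name, State, StartMode, PathName

if (-not $fileReport -and -not $services) {
    Write-Output "No $DriverName found under: $($SearchRoots -join ', ')"
} else {
    $fileReport | Format-List
    $services   | Format-Table -AutoSize
}
```

Run it from an elevated prompt so that other users' profile directories are readable; a file hit without a matching service still needs removal, since the update utilities listed above can load the driver again.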

Notably, the researchers who originally discovered these flaws are delaying the release of a privilege escalation proof-of-concept (PoC) until 1 June 2021 to allow time for patching, although once it is released it could lead to exploitation by lower-sophistication threat actors.