
Vulnerable Dell driver puts hundreds of millions of systems at risk


Privilege escalation on Dell systems via DBUtil driver

A driver that has been pushed for the past 12 years to Dell computers for consumers and enterprises contains multiple vulnerabilities that could lead to elevated privileges on the system.

It is estimated that hundreds of millions of Dell computers, from desktops and laptops to tablets, received the vulnerable driver through BIOS updates.

Five flaws in one

A collection of five flaws, collectively tracked as CVE-2021-21551, has been discovered in DBUtil, a driver that Dell machines install and load during the BIOS update process and that is unloaded on the next reboot.

Looking closer at the DBUtil driver, Kasif Dekel, a security researcher at cybersecurity company Sentinel One, found that it can be exploited “to escalate privileges from a non-administrator user to kernel mode privileges.”

Code from an attacker running with this level of permissions would have unrestricted access to all hardware available on the system, including referencing any memory address.

This type of vulnerability is not considered critical because an attacker exploiting it needs to have compromised the computer beforehand. However, it allows threat actors and malware to gain persistence on the infected system.

Although there is a single tracking number, Dekel says that there are five separate flaws, most of them leading to privilege escalation and one code logic issue that leads to denial of service.

CVE-2021-21551 | Local Elevation Of Privileges | Memory corruption
CVE-2021-21551 | Local Elevation Of Privileges | Memory corruption
CVE-2021-21551 | Local Elevation Of Privileges | Lack of input validation
CVE-2021-21551 | Local Elevation Of Privileges | Lack of input validation
CVE-2021-21551 | Denial of Service | Code logic issue

The researcher provides technical information in a blog post today but holds back the details for triggering and exploiting the flaws to give users time to apply the patch. He plans to share proof-of-concept exploit code on June 1st.

Dekel says that Dell has prepared a security advisory for this vulnerability. The remedy is a fixed driver, but the researcher says that at the time of writing the report the company had not revoked the certificate for the vulnerable driver, meaning that an adversary on the network can still use it in an attack.

“An attacker with access to an organization’s network may also gain access to execute code on unpatched Dell systems and use this vulnerability to gain local elevation of privilege. Attackers can then leverage other techniques to pivot to the broader network, like lateral movement” – Sentinel One

Despite the longevity of the vulnerable DBUtil driver and the large number of potential victims, Sentinel One says that they have not seen any indicators of these vulnerabilities being exploited in the wild. However, this may soon change.

The company has published a video to show that a vulnerable DBUtil driver can be exploited to achieve local privilege escalation on a target system.

