If you own a Dell PC, you need to pay attention to this. Hundreds of millions of Dell desktops, laptops, notebooks, and tablets will need to update their Dell DBUtil driver to fix a 12-year-old vulnerability that exposes systems to attacks:
The bug, tracked as CVE-2021-21551, impacts version 2.3 of DBUtil, a Dell BIOS driver that allows the OS and system apps to interact with the computer’s BIOS and hardware. In a report published today and shared with The Record, security firm SentinelOne said it found a vulnerability in this driver that could be abused to allow threat actors access driver functions and execute malicious code with SYSTEM and kernel-level privileges. Researchers said the DBUtil vulnerability cannot be exploited over the internet to gain access to unpatched systems remotely. Instead, threat actors who gained initial access to a computer, even to a low-level account, could abuse this bug to take full control over the compromised PC — in what the security community typically describes as a privilege escalation vulnerability.
This is a big deal that affects home and business users. Dell has a document that you should read here which speaks to this issue and how to address it. Thus I would strongly suggest any Dell user take heed of this and act accordingly.
Like this:
Like Loading...
Related
This entry was posted on May 4, 2021 at 1:59 pm and is filed under Commentary with tags Dell. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Dell Just Patched A 12 Year Old Vulnerability That Exposed Hundreds Of Millions Of Dells To Being Pwned
If you own a Dell PC, you need to pay attention to this. Hundreds of millions of Dell desktops, laptops, notebooks, and tablets will need to update their Dell DBUtil driver to fix a 12-year-old vulnerability that exposes systems to attacks:
The bug, tracked as CVE-2021-21551, impacts version 2.3 of DBUtil, a Dell BIOS driver that allows the OS and system apps to interact with the computer’s BIOS and hardware. In a report published today and shared with The Record, security firm SentinelOne said it found a vulnerability in this driver that could be abused to allow threat actors access driver functions and execute malicious code with SYSTEM and kernel-level privileges. Researchers said the DBUtil vulnerability cannot be exploited over the internet to gain access to unpatched systems remotely. Instead, threat actors who gained initial access to a computer, even to a low-level account, could abuse this bug to take full control over the compromised PC — in what the security community typically describes as a privilege escalation vulnerability.
This is a big deal that affects home and business users. Dell has a document that you should read here which speaks to this issue and how to address it. Thus I would strongly suggest any Dell user take heed of this and act accordingly.
Share this:
Like this:
Related
This entry was posted on May 4, 2021 at 1:59 pm and is filed under Commentary with tags Dell. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.