Dell has released a security patch for its firmware update driver module, which carried as many as five high-severity flaws potentially affecting hundreds of millions of its Windows-based desktops, laptops, notebooks, and tablets. The firmware update driver module in question has been in use since at least 2009 and is still present on the newest Dell machines, which means the vulnerabilities went undisclosed for no fewer than 12 years. The bugs could allow a local attacker to bypass security controls and gain kernel-level privileges to execute code, and even to move from one device to another once inside an organisation's network.
According to Dell, the vulnerable driver module is not pre-installed on its machines; it is present only after a BIOS, Thunderbolt, TPM, or dock firmware update has been applied to the system.
Dell also sent this statement to Gadgets 360: “We remediated a vulnerability (CVE-2021-21551) in a driver (dbutil_2_3.sys) affecting certain Windows-based Dell computers. We have seen no evidence this vulnerability has been exploited by malicious actors to date. We encourage customers to review the Dell Security Advisory (DSA-2021-088) and follow the remediation steps as soon as possible. We’ve also posted an FAQ for additional information. Thanks to the researchers for working directly with us to resolve the issue.”
Threat intelligence firm SentinelLabs discovered the issues, which exist in version 2.3 of Dell's firmware update driver (dbutil_2_3.sys). The same module is not limited to Dell-branded machines; it also ships on some Alienware gaming laptops and desktops. SentinelLabs also cautioned that the vulnerable driver could still be used in a BYOVD (Bring Your Own Vulnerable Driver) attack, because Dell did not revoke the driver's signing certificate when releasing the patch: a validly signed copy of the old driver will still load on a patched system if an attacker brings it along.
Gadgets 360 has reached out to Dell for further clarification.
One of the main issues in the firmware update driver module is that it accepts Input/Output Control (IOCTL) requests without any Access Control List (ACL) requirements on its device object, so any local process, not only an administrator, can open the device and send it requests.
“Allowing any process to communicate with your driver is often a bad practice since drivers operate with the highest of privileges; thus, some IOCTL functions can be abused ‘by design’,” SentinelLabs researcher Kasif Dekel stated.
The driver was also found to allow execution of In/Out (I/O) port instructions in kernel mode with arbitrary operands (LPE #3 and LPE #4). In simpler terms, this means a caller could interact directly with peripheral devices such as the HDD and GPU to read from or write to the disk, bypassing all of the operating system's security mechanisms.
Additionally, the driver file itself is dropped into the operating system's temporary folder. SentinelLabs calls this a bug in itself and believes it opens the door to other issues, since a writable temp directory is not a safe place to keep a kernel driver.
“The classic way to exploit this would be to transform any BYOVD (Bring Your Own Vulnerable Driver) into an Elevation of Privileges vulnerability since loading a (vulnerable) driver means you require administrator privileges, which essentially eliminates the need for a vulnerability,” the researcher noted.
Dell has been aware of the issues reported by SentinelLabs since December 2020 and tracks them collectively as CVE-2021-21551. The vulnerabilities carry a CVSS severity rating of 8.8 out of 10. However, both Dell and SentinelLabs note that they have not observed any evidence of the vulnerabilities being exploited in the wild.
For all affected machines, Dell has released the patch, which customers are strongly recommended to install via the Dell Update or Alienware Update utility. The company has also provided a list of models that are vulnerable as a result of the bugs. The list includes over 380 models, among them popular Dell machines such as the latest XPS 13 and XPS 15 notebooks as well as the Dell G3, G5, and G7 gaming laptops. There are also nearly 200 affected machines that are no longer eligible for official service, including the Alienware 14, Alienware 17, and the Dell Latitude 14 Rugged Extreme. Because the fix is not a driver revocation, removing any leftover copies of dbutil_2_3.sys from the system is part of the remediation rather than an optional cleanup.
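The two practical checks a defender wants after reading the above are whether a copy of dbutil_2_3.sys is still sitting in a temp folder (the location the article describes) and whether the driver is currently registered on the system, since an unrevoked, validly signed copy is exactly what a BYOVD attack needs. The following PowerShell script is an added example written for this page; it is not Dell's remediation tool nor SentinelLabs' code. It assumes the driver is dropped under each user's local temp folder or under C:\Windows\Temp (the paths are an assumption based on the article's description), and it must run from an elevated session to see other users' folders and to remove files.

```powershell
# Added example (not Dell's or SentinelLabs' code): locate leftover copies of the
# vulnerable Dell firmware update driver, report their signature status, and
# optionally delete them. Also reports whether the driver is registered as a
# system driver, which is what a BYOVD attacker would need. Run elevated.
[CmdletBinding()]
param(
    [switch]$Remove   # delete each copy after reporting it
)

$driverName = 'dbutil_2_3.sys'

# Assumed drop locations: every user's %LOCALAPPDATA%\Temp and the system temp folder.
$searchRoots = @(Join-Path $env:SystemRoot 'Temp') +
    (Get-ChildItem -Path (Join-Path $env:SystemDrive 'Users') -Directory -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' })

$found = foreach ($root in $searchRoots) {
    if (Test-Path -LiteralPath $root) {
        Get-ChildItem -LiteralPath $root -Filter $driverName -Recurse -File -Force -ErrorAction SilentlyContinue
    }
}

foreach ($file in $found) {
    # A 'Valid' status here is the point: the certificate was not revoked, so the
    # old driver still passes signature enforcement and can be loaded by an admin.
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
    $hash = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
    [PSCustomObject]@{
        Path            = $file.FullName
        SHA256          = $hash
        Signer          = $sig.SignerCertificate.Subject
        SignatureStatus = $sig.Status
    } | Format-List

    if ($Remove) {
        Remove-Item -LiteralPath $file.FullName -Force
        Write-Host "Removed $($file.FullName)"
    }
}
if (-not $found) {
    Write-Host "No copies of $driverName found under the scanned temp folders."
}

# Is the driver registered with the Service Control Manager? A file on disk is
# inert until something loads it; a registered driver is live exposure.
$registered = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and ($_.PathName -like "*$driverName*") }
if ($registered) {
    $registered | Select-Object Name, State, StartMode, PathName | Format-Table -AutoSize
    Write-Warning "$driverName is registered as a system driver; stop and delete that service before removing the file."
} else {
    Write-Host "$driverName is not registered as a system driver."
}
```

Run it once without `-Remove` to inventory the machine, then again with `-Remove` once any registered instance has been stopped. The hash and signer fields are there so the results can be fed into an inventory or blocklist; deleting the file alone does not prevent an attacker from bringing their own copy, which is why the article's point about the unrevoked certificate matters.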
This is not the first time a severe security issue has been found on Dell machines. In 2019, the company patched a critical flaw in its SupportAssist tool that affected millions of its PC users globally. Another critical issue was found in the Dell System Detect program back in 2015, which also exposed many of its users to attack.