Hundreds of millions of Dell desktops, laptops and servers have serious security vulnerabilities that could let malware take complete control of them.
All five flaws are in a system driver dating from 2009, dbutil_2_3.sys, which is used under Windows to update a computer's BIOS/UEFI firmware (the low-level motherboard software that starts the PC).
This faulty driver comes preinstalled on newer Dell computers, SentinelOne researcher Kasif Dekel said in a report. Older Dell computers may have had the driver installed when their BIOS/UEFI or other firmware was updated.
All versions of Windows are affected; Dell computers running Linux should be fine, since the driver is Windows-only.
What can you do now?
To fix this bug, Dell has released a tool that removes the faulty driver. You will need to enter the name or service tag of your Dell model; the tool's web page should then list the correct driver along with the removal tool.
However, we have found that not everyone can use the tool. There is a fix for our 2018 Dell Latitude 5490, but our 2013 Dell XPS 13 (which is running the latest version of Windows 10) is out of luck.
We're not sure whether that means the XPS 13 didn't ship with the driver in question, or whether Dell just doesn't care about eight-year-old machines. We'll ask Dell and update this story as soon as we get a response.
Dell is promising an "enhanced" version of the firmware removal and update tool on May 10 that will fix some of the issues above. It's hard to say exactly what that covers, because neither Dell's security advisory nor its FAQ about the faulty driver was written for anyone but IT professionals.
Alternatively, according to Dell, you can check whether the driver file dbutil_2_3.sys is present in the file paths “C: Users
If so, select it and press the Delete key while holding down the Shift key to permanently delete the file (Shift+Delete bypasses the Recycle Bin). Note that this only removes the copy on disk: running an older Dell firmware updater later could drop the driver again, so the updated Dell utilities are still needed.
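As an added example, not Dell's tool and not from the article, the following PowerShell script automates that manual check: it searches for copies of dbutil_2_3.sys, prints each one's hash and Authenticode signer (so you can tell the Dell-signed driver from an unrelated file of the same name), and warns if the driver is currently registered with the kernel, because deleting a file that a loaded driver is backed by will fail. The article's own path list is cut off above, so the search roots used here (the system Temp folder and every profile under Users) are assumptions; adjust them to match Dell's advisory for your system.

```powershell
# Added example, not Dell's removal tool. Search roots are ASSUMED: the article's
# path list is truncated, so widen $Roots if your environment differs.
$Target = 'dbutil_2_3.sys'

$Roots = @(
    (Join-Path $env:SystemRoot 'Temp')      # system-wide temp folder (assumed location)
    (Join-Path $env:SystemDrive 'Users')    # every profile, incl. AppData\Local\Temp (assumed)
)

# Collect every on-disk copy of the driver under the assumed roots.
$Hits = foreach ($root in $Roots) {
    if (Test-Path -LiteralPath $root) {
        Get-ChildItem -Path $root -Filter $Target -Recurse -File -Force -ErrorAction SilentlyContinue
    }
}

if (-not $Hits) {
    Write-Output "No copy of $Target found under: $($Roots -join ', ')"
    return
}

# Report each copy with its hash and signer so you can confirm it is the Dell-signed driver.
foreach ($f in $Hits) {
    $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        Path      = $f.FullName
        Modified  = $f.LastWriteTime
        SHA256    = $hash
        Signer    = $sig.SignerCertificate.Subject
        SigStatus = $sig.Status
    }
}

# A loaded kernel driver keeps its backing file in use, so check before deleting.
$Loaded = Get-CimInstance Win32_SystemDriver | Where-Object { $_.PathName -like "*$Target*" }
if ($Loaded) {
    Write-Warning "$Target is registered as a system driver ($($Loaded.Name -join ', ')); unload it (or reboot) before deleting."
}

# Remove-Item -Force is the scripted equivalent of Shift+Delete (no Recycle Bin).
# Left commented out on purpose: review the listing above first, then run it.
# $Hits | Remove-Item -Force
```

Run it from an elevated PowerShell prompt, since other users' profile folders and the system Temp folder are not readable from a standard account. The deletion line is deliberately commented out so the script is read-only until you have checked that every hit really is the Dell driver.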
How the flaws let attackers take over your machine
Dekel does not explain exactly how these flaws, which are tracked together under the single identifier CVE-2021-21551, can be exploited.
SentinelOne, Dell and Microsoft have agreed not to reveal the details until users have had time to fix the problem. But the upshot is that a local user, even one with limited privileges, can use these flaws to “escalate privileges” and take full control of the system.
“The serious shortcomings could allow any user on the computer, even without permissions, to increase their permissions and execute code in kernel mode,” Dekel wrote in his company's report. “One of the obvious abuses of such vulnerabilities is that they could be used to bypass security products,” such as antivirus software.
Kernel mode is the most privileged level of execution on the system. Even accounts with administrator rights (the ability to install, update and delete software) normally run their programs in user mode, not in the kernel.
This means that malware that infects even the least privileged user account, for example one belonging to a child, can use these flaws to gain kernel-level control and take over the entire system.
Here is a video from SentinelOne that shows one of these exploits in action. The command-line windows show a restricted “weak user” account running a program called Exploit.exe, after which the account suddenly holds a wide range of system privileges.
Dekel said that when his report was released yesterday, there was no evidence that attackers had used these bugs against real machines.