04 May 21, 16:18
(This post was last modified: 04 May 21, 16:20 by silversurfer.)
Quote:Five high-severity security flaws in Dell’s firmware update driver are impacting potentially hundreds of millions of Dell desktops, laptops, notebooks and tablets, researchers said.
The bugs have gone undisclosed for 12 years, and could allow the ability to bypass security products, execute code and pivot to other parts of the network for lateral movement, according to SentinelLabs.
The multiple local privilege-escalation (LPE) bugs exist in the firmware update driver version 2.3 (dbutil_2_3.sys) module, which has been in use since 2009. The driver component handles Dell firmware updates via the Dell BIOS Utility, and it comes pre-installed on most Dell machines running Windows.
“Hundreds of millions of Dell devices have updates pushed on a regular basis, for both consumer and enterprise systems,” according to SentinelLabs researchers, writing in a Tuesday blog posting.
The five bugs are collectively tracked as CVE-2021-21551, and they carry a CVSS vulnerability-severity rating of 8.8 out of 10.
Read more: Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs | Threatpost