Dell has released a security patch for its firmware update driver module, which carried as many as five high-severity flaws potentially affecting hundreds of millions of its Windows-based desktops, laptops, notebooks and tablets. The firmware update driver module in question has been in use since at least 2009 and is present even on the latest Dell machines, meaning the serious vulnerabilities went undisclosed for at least 12 years. The bugs could allow attackers to bypass security controls and gain kernel-level privileges to execute code, and even move from one machine to another once they have a foothold on an organisation's network.
According to Dell, the vulnerable driver module does not come pre-installed on its machines and is only present after a BIOS, Thunderbolt, TPM or dock firmware update has been applied to the system.
Dell also sent this statement to Gadgets 360: “We remediated a vulnerability (CVE-2021-21551) in a driver (dbutil_2_3.sys) affecting certain Windows-based Dell computers. We have seen no evidence this vulnerability has been exploited by malicious actors to date. We encourage customers to review the Dell Security Advisory (DSA-2021-088) and follow the remediation steps as soon as possible. We’ve also posted an FAQ for additional information. Thanks to the researchers for working directly with us to resolve the issue.”
Threat intelligence firm SentinelLabs discovered the issues, which exist in version 2.3 of Dell's firmware update driver (dbutil_2_3.sys). The same module is not limited to Dell-branded machines but also ships with some Alienware gaming laptops and desktops. SentinelLabs also cautioned that the vulnerable driver could still be used in a BYOVD (Bring Your Own Vulnerable Driver) attack because Dell did not revoke the driver's signing certificate when releasing the patch: an attacker who already has administrator rights on a patched machine can still load the old, validly signed driver and abuse it.
Gadgets 360 has reached out to Dell for further clarification.
One of the main issues in the firmware update driver is that it accepts Input/Output Control (IOCTL) requests without any access control list (ACL) requirements, so any process on the machine, including one running as a low-privileged user, can send requests to the driver.
“Allowing any process to communicate with your driver is often a bad practice since drivers operate with the highest of privileges; thus, some IOCTL functions can be abused ‘by design’,” SentinelLabs researcher Kasif Dekel said.
The driver was also found to allow execution of In/Out (I/O) instructions in kernel mode with arbitrary operands (LPE #3 and LPE #4). In simpler terms, this means an attacker could interact with peripheral devices such as the HDD and GPU, reading from or writing directly to the disk while bypassing all of the operating system's security mechanisms.
Additionally, the driver file itself is found to be placed in the operating system's temporary folder. SentinelLabs calls this a bug in its own right and believes it opens the door to further issues.
“The classic way to exploit this would be to transform any BYOVD (Bring Your Own Vulnerable Driver) into an Elevation of Privileges vulnerability since loading a (vulnerable) driver means you require administrator privileges, which essentially eliminates the need for a vulnerability,” the researcher noted.
Dell has been aware of the issues reported by SentinelLabs since December 2020 and tracks them as CVE-2021-21551. The vulnerabilities carry a CVSS severity score of 8.8 out of 10. However, both Dell and SentinelLabs note that they have not observed any evidence of the vulnerabilities being exploited in the wild.
For all affected machines, Dell has released the patch, which customers are strongly recommended to install via the Dell Update or Alienware Update utility. The company has also published a list of models that are vulnerable because of the bugs. The list includes over 380 models, among them popular Dell machines such as the latest XPS 13 and XPS 15 notebooks as well as the Dell G3, G5 and G7 gaming laptops. There are also nearly 200 affected machines that are no longer eligible for official service, including the Alienware 14, Alienware 17 and the Dell Latitude 14 Rugged Extreme.
This is not the first time a severe security issue has been found on Dell machines. In 2019, the company patched a critical flaw in its SupportAssist tool that affected millions of its PC users globally. Another serious issue was found in the Dell System Detect program in 2015, which also exposed a large number of its users to attack.
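Because the driver is dropped into a temporary folder, stays validly signed after the patch, and can be re-loaded by anyone with administrator rights (the BYOVD case described above), installing the update is only half of the remediation: the leftover file should be found and removed, and its hash recorded. The PowerShell check below is an added example, not code from the page, from Dell or from SentinelLabs. It assumes the file is dropped into the current user's %TEMP% and into %WINDIR%\Temp (the locations it searches), and that the temporary copy may still carry a valid Dell signature, which is why it reports the SHA-256 hash rather than relying on the signature status alone. Set $Remediate to $true to delete the copies it finds.

```powershell
# Added example: hunt for the vulnerable dbutil_2_3.sys on a Windows host.
# Assumption: the driver is dropped into %TEMP% and %WINDIR%\Temp; adjust
# $searchRoots if your fleet stores it elsewhere.
$driverName  = 'dbutil_2_3.sys'
$searchRoots = @($env:TEMP, (Join-Path $env:windir 'Temp'))
$Remediate   = $false   # set to $true to delete any copies that are found

# 1. Look for the driver file on disk.
$found = foreach ($root in $searchRoots) {
    if (Test-Path -LiteralPath $root) {
        Get-ChildItem -LiteralPath $root -Filter $driverName -File -ErrorAction SilentlyContinue
    }
}

foreach ($f in $found) {
    $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -FilePath $f.FullName
    # A 'Valid' status is expected here and proves nothing about safety:
    # the vulnerable driver is itself properly signed, and the certificate
    # was not revoked, which is exactly what makes a BYOVD attack possible.
    "Found {0}`n  SHA256: {1}`n  Signature: {2} ({3})" -f `
        $f.FullName, $hash, $sig.Status, $sig.SignerCertificate.Subject
    if ($Remediate) {
        Remove-Item -LiteralPath $f.FullName -Force
        "  Removed."
    }
}

# 2. Check whether the driver is registered or running as a kernel service.
$services = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and $_.PathName -match 'dbutil' }

foreach ($s in $services) {
    "Kernel service {0}: state={1} path={2}" -f $s.Name, $s.State, $s.PathName
}

if (-not $found -and -not $services) {
    "No $driverName found on disk in the searched folders or registered as a driver."
}
```

Run it in an elevated PowerShell session so that %WINDIR%\Temp and the driver service list are fully readable. The reported hash is what to compare against the version installed by the Dell Update or Alienware Update utility; a matching signer name alone does not distinguish the patched driver from the vulnerable one.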
Is the MacBook Air M1 the portable beast of a laptop that you always wanted? We discussed this on Orbital, the Gadgets 360 podcast. Orbital is available on Apple Podcasts, Google Podcasts, Spotify and wherever you get your podcasts.