Dell has released a fix for a vulnerability tracked as CVE-2021-21551, which has a CVSS score of 8.8. The flaw exists in the dbutil_2_3.sys driver, which is typically found on Dell computers that have fetched a firmware, BIOS, or driver update via Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags.
In practice, that would be about 100 million Dell computers that now need to get rid of the bad driver. To do that, you’ll either have to run another firmware update that will fetch Dell’s fixing patch or manually remove the driver by locating and deleting it.
Dell says they’re going to give a third option on May 10, 2021, when they’ll update the Dell notification solution to automatically download and apply the fixing patch. For this, though, you’ll need to ensure that the particular utility is configured to automatically download and apply updates. If you want to take care of the issue right now, just navigate to “C:\Users\\AppData\Local\Temp” and also “C:\Windows\Temp” and manually delete the “dbutil_2_3.sys” driver file.
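The manual clean-up above can be scripted so that it covers every user profile on the machine rather than one Temp folder at a time. The following PowerShell is an added example, not Dell's tooling or code from the original article; it assumes it runs from an elevated prompt, searches only the two locations the article names, and only deletes when -Remove is given (it honours -WhatIf).

```powershell
# Added example (not Dell's or the article's code): find dbutil_2_3.sys in the
# Temp locations the article names, record each copy, and remove it on request.
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Remove)

$driverName = 'dbutil_2_3.sys'

# Locations from the article: the system Temp folder plus every user's local Temp.
$searchDirs = @(Join-Path $env:SystemRoot 'Temp')
$searchDirs += Get-ChildItem -Path (Join-Path $env:SystemDrive 'Users') -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' }

$found = foreach ($dir in $searchDirs) {
    if (Test-Path -LiteralPath $dir) {
        Get-ChildItem -LiteralPath $dir -Filter $driverName -File -ErrorAction SilentlyContinue
    }
}

if (-not $found) {
    Write-Output "No copies of $driverName found in the listed Temp folders."
    return
}

foreach ($file in $found) {
    # Record path, hash and timestamp before acting so the remediation is auditable.
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    Write-Output ("Found {0}  SHA256={1}  LastWriteUtc={2}" -f $file.FullName, $hash, $file.LastWriteTimeUtc)

    if ($Remove -and $PSCmdlet.ShouldProcess($file.FullName, 'Remove vulnerable driver file')) {
        try {
            Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
            Write-Output "Removed $($file.FullName)"
        }
        catch {
            # A locked file usually means the driver is still loaded; reboot and rerun.
            Write-Warning "Could not remove $($file.FullName): $_"
        }
    }
}
```

Run it once without -Remove to inventory affected machines, then with -Remove (or -Remove -WhatIf first) to clean them; the recorded hashes give you a per-host audit trail of what was deleted.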
The driver contains an insufficient access control vulnerability which could potentially lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required for the exploit to work, making it somewhat less critical - although still very important.
SentinelLabs, who discovered the flaw and reported it to Dell back in December 2020, says there are no indications that it is being exploited in the wild. However, now that the vulnerability has been published, crooks are expected to focus their efforts on scanning for unpatched systems. As the security firm explains, an attacker who has access to an organization’s network could execute code on unpatched Dell computers while bypassing security products, gain local elevation of privilege, and eventually pivot to the broader network.
Interestingly, the first vulnerable version of the DBUtil driver was released back in 2009, so CVE-2021-21551 remained undiscovered for 11 years and unpatched for 12. Even when the problem was reported to Dell, the computer maker initially considered not fixing it at all, since most of the affected products had reached EOL.
Eventually, Dell released a fix because the number of vulnerable systems was too high to ignore, and the negative publicity of an unpatched disclosure by SentinelLabs would have been catastrophic. Dell workstations are found in a wide range of corporate environments, so updating them immediately should be non-negotiable.