Hundreds Of Millions Of Dell PCs Dating Back To 2009 Need This Security Patch ASAP

Dell is one of the most popular PC brands globally, selling millions of laptops, desktops, and server systems to everyday consumers and businesses alike each year. However, SentinelLabs researchers warned this week that five critical security flaws have been lurking in its firmware update driver since the early days of President Obama's first term.

Attackers could potentially have exploited these flaws in local privilege escalation attacks to gain kernel-level access on hundreds of millions of Dell and Alienware PCs. Multiple vulnerabilities were traced to Dell's firmware update driver version 2.3 (dbutil_2_3.sys). This driver handles Dell firmware updates through the Dell BIOS utility and comes preinstalled on nearly every Dell PC shipped since 2009.

The vulnerabilities are collectively tracked as CVE-2021-21551 and carry a CVSS severity score of 8.8 out of 10. Four of the five are local elevation of privilege flaws (two memory corruption issues, two missing input validation checks), while the fifth is a denial of service vulnerability (a code logic issue).

"While we haven't seen any indicators that these vulnerabilities have been exploited in the wild up till now, with hundreds of millions of enterprises and users currently vulnerable, it is inevitable that attackers will seek out those that do not take the appropriate action," said Kasif Dekel of SentinelLabs.

For now, Dell has released guidance for customers on the dbutil_2_3.sys driver in its DSA-2021-088 Knowledge Base Article. The company recommends that you either remove the driver manually using the steps outlined in the article or download the Dell Security Advisory Update – DSA-2021-088 utility. Dell recommends the latter, since it addresses the security issue while preserving the update utility that keeps your system up to date.
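As an added example (not Dell's own tooling and not code from the SentinelLabs write-up), the following PowerShell check looks for the vulnerable driver on disk and for a driver service that still references it, and optionally removes the file in the spirit of the manual steps. The Temp-folder locations and the `dbutil_2_3.sys` service image match are assumptions; confirm them against the Dell article before relying on this.

```powershell
# Added example: check a Windows host for dbutil_2_3.sys (DSA-2021-088) and optionally remove it.
# Assumptions: the file sits in a user's or the system's Temp folder; run from an elevated prompt.
param([switch]$Remove)

$driverName = 'dbutil_2_3.sys'

# Candidate on-disk locations (assumed): system Temp plus every user profile's local Temp.
$candidates = @("$env:SystemRoot\Temp\$driverName")
Get-ChildItem 'C:\Users' -Directory -ErrorAction SilentlyContinue | ForEach-Object {
    $candidates += Join-Path $_.FullName "AppData\Local\Temp\$driverName"
}
$found = $candidates | Where-Object { Test-Path $_ }

# Any kernel driver service whose image path points at dbutil_2_3.sys (assumed match pattern).
$loaded = Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.PathName -and $_.PathName -like "*$driverName*" }

if (-not $found -and -not $loaded) {
    Write-Output "No $driverName found on disk or registered as a driver service."
    return
}

foreach ($path in $found) {
    # Record the hash so the finding can be tied to the advisory in your incident ticket.
    $hash = (Get-FileHash -Algorithm SHA256 -Path $path).Hash
    Write-Output "Found $path (SHA256 $hash)"
}
foreach ($svc in $loaded) {
    Write-Output "Driver service '$($svc.Name)' state=$($svc.State) image=$($svc.PathName)"
}

if ($Remove) {
    # Stop a running driver service first, otherwise the image file may be locked.
    foreach ($svc in ($loaded | Where-Object { $_.State -eq 'Running' })) {
        sc.exe stop $svc.Name | Out-Null
    }
    foreach ($path in $found) {
        Remove-Item -Path $path -Force
        Write-Output "Removed $path"
    }
}
```

Run without `-Remove` first to inventory affected hosts; Dell's own DSA-2021-088 utility remains the supported fix.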

Interestingly enough, although Dell was first alerted to the exploitable driver back in December 2020, it has yet to revoke the driver's signing certificate. This means that Dell and Alienware users who do not take the precautions mentioned above are still at risk, with Dekel adding, "This is not considered best practice since the vulnerable driver can still be used in a BYOVD attack."