

Several months ago, I started investigating the security posture of the firmware update driver version 2.3 (dbutil_2_3.sys), a module which seems to have been in use since at least 2009. This led to the discovery of five high severity bugs that have remained undisclosed for 12 years. SentinelLabs' findings were proactively reported to Dell and are tracked as CVE-2021-21551, with a CVSS score of 8.8. Dell has released a security update to its customers to address this vulnerability. Since 2009, Dell has released hundreds of millions of Windows devices worldwide which contain the vulnerable driver. At this time, SentinelOne has not discovered evidence of in-the-wild abuse.

Hundreds of millions of Dell devices have updates pushed on a regular basis, for both consumer and enterprise systems. Today, the firmware update driver component, which is responsible for Dell firmware updates via the Dell BIOS Utility, comes pre-installed on most Dell machines running Windows and on freshly installed Windows machines that have been updated. The driver came to my attention thanks to Process Hacker, which has a great feature that pops up a notification message every time a service gets created or deleted.

The first and most immediate problem with the firmware update driver arises out of the fact that it accepts IOCTL (Input/Output Control) requests without any ACL requirements. Our proof of concept demonstrates the first local EOP (elevation of privilege), which arises out of a memory corruption issue. However, to give Dell customers the opportunity to remediate this vulnerability, we are withholding our proof of concept until June 1, 2021. In today's post, I will describe some of the general problems with this driver.
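To make the "IOCTLs without any ACL requirements" point concrete, the following added example (not code from the SentinelLabs post or from the Dell driver) models the two gates Windows applies before a user-mode caller can send an IOCTL to a device object: the DACL the driver attached to the device when it created it, and the access bits encoded in the IOCTL code itself. A device created with no security descriptor has a NULL DACL, which grants every caller full access; a device created with the WDK's `SDDL_DEVOBJ_SYS_ALL_ADM_ALL` string (`D:P(A;;GA;;;SY)(A;;GA;;;BA)`) is limited to SYSTEM and Administrators. The token SIDs, IOCTL numbers and the hypothetical `FILE_DEVICE_UNKNOWN` function codes are constructed for illustration; the ACCESS_MASK constants, SID abbreviations and CTL_CODE layout are the real Windows definitions.

```python
"""Model how Windows gates an IOCTL: device-object DACL plus the access
bits in the IOCTL code. Added example; SIDs and IOCTL numbers are constructed."""
import re

# Real ACCESS_MASK constants (winnt.h).
GENERIC_READ, GENERIC_WRITE = 0x80000000, 0x40000000
GENERIC_EXECUTE, GENERIC_ALL = 0x20000000, 0x10000000
FILE_GENERIC_READ, FILE_GENERIC_WRITE = 0x00120089, 0x00120116
FILE_GENERIC_EXECUTE, FILE_ALL_ACCESS = 0x001200A0, 0x001F01FF
FILE_READ_DATA, FILE_WRITE_DATA = 0x0001, 0x0002

# GENERIC_MAPPING for file/device objects.
GENERIC_MAP = {GENERIC_READ: FILE_GENERIC_READ, GENERIC_WRITE: FILE_GENERIC_WRITE,
               GENERIC_EXECUTE: FILE_GENERIC_EXECUTE, GENERIC_ALL: FILE_ALL_ACCESS}
SDDL_RIGHTS = {"GA": GENERIC_ALL, "GR": GENERIC_READ, "GW": GENERIC_WRITE,
               "GX": GENERIC_EXECUTE, "FA": FILE_ALL_ACCESS,
               "FR": FILE_GENERIC_READ, "FW": FILE_GENERIC_WRITE}
# Well-known SID abbreviations used in SDDL.
SDDL_SIDS = {"SY": "S-1-5-18", "BA": "S-1-5-32-544", "BU": "S-1-5-32-545",
             "WD": "S-1-1-0", "AU": "S-1-5-11", "IU": "S-1-5-4"}
# WDK constant: full access for SYSTEM and Administrators only.
SDDL_DEVOBJ_SYS_ALL_ADM_ALL = "D:P(A;;GA;;;SY)(A;;GA;;;BA)"

# Constructed tokens: a standard interactive user, and the same user elevated.
STANDARD_USER = {"S-1-5-21-1000-2000-3000-1001", "S-1-5-32-545",
                 "S-1-1-0", "S-1-5-11", "S-1-5-4"}
ELEVATED_ADMIN = STANDARD_USER | {"S-1-5-32-544"}

ACE_RE = re.compile(r"\((\w+);(\w*);(\w*);(\w*);(\w*);([\w-]+)\)")


def map_generic(mask):
    """Translate GENERIC_* bits into the specific rights they imply for a file/device."""
    for generic, specific in GENERIC_MAP.items():
        if mask & generic:
            mask = (mask & ~generic) | specific
    return mask


def parse_dacl(sddl):
    """Return [(allow, mask, sid), ...] from the D: part of an SDDL string.
    None (no security descriptor) models a NULL DACL."""
    if sddl is None:
        return None
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl)
    if not m:
        return None
    aces = []
    for ace_type, _flags, rights, _og, _iog, sid in ACE_RE.findall(m.group(1)):
        if rights.startswith("0x"):
            mask = int(rights, 16)
        else:  # two-letter right codes concatenated, e.g. "GRGW"
            mask = 0
            for i in range(0, len(rights), 2):
                mask |= SDDL_RIGHTS[rights[i:i + 2]]
        aces.append((ace_type == "A", map_generic(mask), SDDL_SIDS.get(sid, sid)))
    return aces


def access_check(sddl, caller_sids, desired):
    """Model SeAccessCheck: walk ACEs in order; allow ACEs clear requested bits,
    a deny ACE covering any still-outstanding bit fails the check."""
    aces = parse_dacl(sddl)
    if aces is None:  # NULL DACL: everyone gets everything
        return True
    remaining = map_generic(desired)
    for allow, mask, sid in aces:
        if sid not in caller_sids:
            continue
        if allow:
            remaining &= ~mask
        elif remaining & mask:
            return False
        if remaining == 0:
            return True
    return remaining == 0


FILE_ANY_ACCESS, FILE_READ_ACCESS, FILE_WRITE_ACCESS = 0, 1, 2
FILE_DEVICE_UNKNOWN, METHOD_BUFFERED = 0x22, 0


def ctl_code(device_type, function, method, access):
    """CTL_CODE macro layout: type<<16 | access<<14 | function<<2 | method."""
    return (device_type << 16) | (access << 14) | (function << 2) | method


def ioctl_required_access(code):
    """Handle rights the I/O manager demands before dispatching the IOCTL (bits 14-15).
    FILE_ANY_ACCESS demands nothing, so any open handle, even one opened with zero
    rights, may send it; the device DACL is then the only remaining gate."""
    access = (code >> 14) & 3
    required = 0
    if access & FILE_READ_ACCESS:
        required |= FILE_READ_DATA
    if access & FILE_WRITE_ACCESS:
        required |= FILE_WRITE_DATA
    return required


def can_send_ioctl(sddl, caller_sids, code):
    """Can this caller open the device with the rights the IOCTL needs?
    A zero-rights open always succeeds (documented CreateFile behaviour)."""
    return access_check(sddl, caller_sids, ioctl_required_access(code))


# Constructed IOCTLs: one restricted to write handles, one accepting any handle.
IOCTL_WRITE = ctl_code(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_WRITE_ACCESS)
IOCTL_ANY = ctl_code(FILE_DEVICE_UNKNOWN, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS)

if __name__ == "__main__":
    for label, sddl in (("no DACL", None), ("SYS/ADM only", SDDL_DEVOBJ_SYS_ALL_ADM_ALL)):
        print(label, "write IOCTL as user:", can_send_ioctl(sddl, STANDARD_USER, IOCTL_WRITE),
              "| as admin:", can_send_ioctl(sddl, ELEVATED_ADMIN, IOCTL_WRITE),
              "| any-access IOCTL as user:", can_send_ioctl(sddl, STANDARD_USER, IOCTL_ANY))
```

The two results worth noting: with no DACL a standard user passes every check, which is the situation the post describes; with the SYSTEM/Administrators descriptor the standard user is refused a write handle, but an IOCTL defined with FILE_ANY_ACCESS is still reachable over a zero-rights handle, so a driver that relies on the DACL alone should define privileged IOCTLs with FILE_READ_ACCESS or FILE_WRITE_ACCESS, or check the requestor inside the dispatch routine.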

