SentinelOne, an American cybersecurity startup, has discovered five security vulnerabilities in a driver called “dbutil_2_3.sys” which is bundled with all Dell machines built after 2009. These vulnerabilities have gone unnoticed for 12 years, are “fairly simple to abuse” and, when leveraged, can crash systems, steal information, and escalate privileges to take complete control of a system or systems.
There is no evidence to suggest that these vulnerabilities have been exploited in the wild, but now that the information is public, it is inevitable that malicious actors will start targeting users who do not sufficiently protect against these weaknesses.
What to do now
Dell has released an FAQ on the vulnerable driver, with instructions on manually removing it and installing an updated, patched version (linked below). However, for those less fluent in tech speak, the fix will be pushed out on May 10th, so keep an eye out and update your machines ASAP.
The five vulnerabilities are split between two memory corruption issues, two instances of missing input validation and a logic error.
The flaws in “dbutil_2_3.sys” are simple to abuse because the driver accepts IOCTL calls from users or programs without security checks or an access control list. Due to the nature of the bugs, those IOCTL calls can instruct dbutil_2_3.sys, which is a kernel-level driver, to move, read and write arbitrary kernel RAM. From there, anything can happen: rootkits can be installed and machines taken over. On top of this, the driver grants read/write access to x86 I/O ports, which means access to the underlying hardware.
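To turn this into something an administrator can act on, here is an added PowerShell check (not from the article, Dell or SentinelOne) that hunts a Windows host for the driver by the file name given above and reports whether it is present on disk or registered as a kernel driver; the search scope and report format are this example's own assumptions.

```powershell
# Added example (not from the article or from Dell/SentinelOne): hunt a Windows
# host for the dbutil_2_3.sys driver named in the write-up and report whether it
# is present on disk or registered/loaded as a kernel driver. Run elevated.
# Search scope and output layout are this script's own choices (assumptions).
$DriverName = 'dbutil_2_3.sys'

# 1. Is a kernel driver service backed by this file registered or running?
#    Win32_SystemDriver lists kernel-mode driver services with their state.
$loaded = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and ($_.PathName -like "*$DriverName*") }

# 2. Are copies of the file lying around on the system drive? The driver is
#    dropped by update tooling, so no single path is assumed; search broadly.
$onDisk = Get-ChildItem -Path "$env:SystemDrive\" -Filter $DriverName `
    -File -Recurse -Force -ErrorAction SilentlyContinue

$findings = [System.Collections.Generic.List[object]]::new()

foreach ($svc in $loaded) {
    $findings.Add([pscustomobject]@{
        Kind   = 'DriverService'
        Name   = $svc.Name
        State  = $svc.State          # e.g. Running / Stopped
        Path   = $svc.PathName
        Sha256 = $null
    })
}

foreach ($file in $onDisk) {
    # Hash recorded so findings can be matched against published indicator
    # hashes if you have them; none are embedded here.
    $hash = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
    $findings.Add([pscustomobject]@{
        Kind   = 'FileOnDisk'
        Name   = $file.Name
        State  = "modified $($file.LastWriteTime.ToString('u'))"
        Path   = $file.FullName
        Sha256 = $hash
    })
}

if ($findings.Count -eq 0) {
    Write-Output "No trace of $DriverName found on this host."
} else {
    # Report only: removal and replacement should follow Dell's published
    # instructions rather than an ad-hoc delete of the file.
    $findings | Format-Table -AutoSize
    Write-Output "$($findings.Count) finding(s). Follow Dell's FAQ to remove the driver and install the fixed version."
}
```

Run it across a fleet through your normal remote-execution tooling and treat any DriverService row in the Running state as the higher-priority host.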
Source: The Register
Solution: Dell FAQ and Update instructions