Description
On the 4th May, 2021, a security researcher at SentinelOne (a cybersecurity company) discovered the five bugs vulnerability in DBUtil driver version 2.3 which may lead to escalation of privileges, denial of service, or information disclosure.
Summary
Five (5) flaws have collectively been tracked as CVE-2021-21551, found in the DBUtil driver on the Dell machines. This driver file may have been installed on your Dell Windows operating system when you used firmware update utility packages, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags, including when using any Dell notification solution to update drivers, BIOS, or firmware for your system and unpacked during its next reboot.
How it works
The five (5) bug flaw which allows escalation of privileges from a non-administrative user, to kernel mode privileges, provides an attacker with high level permissions that can see unrestricted access to all hardware available on the system, including referencing memory addresses. The vulnerability severity is not listed as critical, since exploitation by the attacker requires compromising the computer in advance. However, it should be noted that threat actors and malware can gain persistence on infected systems.
Solution
For more information on this alert kindly follow this URL:
The Guyana National CIRT recommends that users and administrators review this alert and apply the solutions where necessary.
PDF Download: Vulnerability found affecting Dell driver.pdf
References