Dell has released a security patch for its firmware update module, which carries up to five high-severity flaws that potentially affect hundreds of millions of its Windows-based desktops, laptops and tablets. This firmware update module has been in use since at least 2009 and is present even on the latest Dell machines. This means that the serious vulnerabilities remained undiscovered for at least 12 years. The flaws can allow attackers to bypass security protections, obtain kernel-level code execution and, once they have access to an organisation's network, move from one device to another.
According to Dell, the vulnerable driver module does not come pre-installed on its machines and is only present after a BIOS, Thunderbolt, TPM, or dock firmware update has been applied to the system.
Dell also sent this statement to Gadgets 360: “We have fixed a vulnerability (CVE-2021-21551) in a driver (dbutil_2_3.sys) affecting certain Windows-based Dell computers. We have seen no evidence that this vulnerability has been exploited by malicious participants to date. We recommend that customers review the Dell Security Advisory (DSA-2021-088) and follow the removal steps as soon as possible. We have also published frequently asked questions for additional information. Thanks to the researchers for working directly with us to solve the problem.”
Threat intelligence company SentinelLabs discovered the problems, which exist in the Dell firmware update driver version 2.3 module (dbutil_2_3.sys). The module is not limited to Dell machines; it is also found on some Alienware gaming laptops and desktops. SentinelLabs also warned that the vulnerable driver module could still be used in a Bring Your Own Vulnerable Driver (BYOVD) attack because Dell did not revoke the certificate when it released the patch.
Gadgets 360 has reached out to Dell for further clarification.
One of the first problems in the firmware update driver module is that it accepts I/O control (IOCTL) requests without any access control list (ACL) requirements.
“Allowing any process to communicate with your driver is often a bad practice, as drivers work with the highest privileges; in this way, some IOCTL features can be abused ‘by design’,” said SentinelLabs researcher Kasif Dekel.
It has also been found that the driver module allows input/output (I/O) instructions to be executed in kernel mode with arbitrary operands (LPE #3 and LPE #4). In simpler terms, this means that one can interact with peripherals such as HDDs and GPUs to read or write directly to disk, bypassing all security mechanisms in the operating system.
In addition, the driver file itself is placed in the operating system's temporary folder. SentinelLabs calls this a bug in itself and believes it opens the door to other problems.
“The classic way to use this would be to transform any BYOVD (Bring Your Own Vulnerable Driver) into an Elevation of Privileges vulnerability, because loading a (vulnerable) driver means you need administrative privileges, which essentially eliminates the need for vulnerability,” the researcher noted.
Dell has been aware of the issues reported by SentinelLabs since December 2020 and is tracking them as CVE-2021-21551. The vulnerabilities carry a CVSS severity rating of 8.8 out of 10. However, both Dell and SentinelLabs note that they have seen no evidence of the vulnerabilities being exploited in the wild.
Dell has released the patch for all affected machines, and users are advised to install it themselves using the Dell or Alienware Update utility. The company also provided a list of models affected by the flaws. The list includes over 380 models, among them some of Dell’s popular machines such as the latest XPS 13 and XPS 15 notebooks as well as the Dell G3, G5, and G7 gaming laptops. There are also nearly 200 affected machines that no longer qualify for official service, including the Alienware 14, Alienware 17 and Dell Latitude 14 Rugged Extreme.
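A defender-side check for the driver discussed above, as an added example that is not from Dell, SentinelLabs or the original article: it looks for dbutil_2_3.sys in the Windows temporary folders and lists any registered kernel driver backed by that file. The file name comes from the article; the folder list and the function names are assumptions made for illustration.

```powershell
# Added example: hunt for the vulnerable Dell driver named in the article.
$DriverName = 'dbutil_2_3.sys'   # file name as given in the article

function Find-DbutilDriver {
    param(
        # Assumed search roots: the machine-wide and current-user temp folders.
        [string[]]$Roots = @((Join-Path $env:SystemRoot 'Temp'), $env:TEMP),
        [string]$UsersRoot = (Join-Path $env:SystemDrive 'Users')
    )
    # Add every local profile's temp folder so other users' copies are found.
    if (Test-Path $UsersRoot) {
        $Roots += Get-ChildItem -Path $UsersRoot -Directory -ErrorAction SilentlyContinue |
            ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' }
    }
    $Roots | Where-Object { $_ -and (Test-Path $_) } | Select-Object -Unique |
        ForEach-Object {
            Get-ChildItem -Path $_ -Filter $DriverName -File -Recurse -Force `
                -ErrorAction SilentlyContinue
        } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                Signer    = $sig.SignerCertificate.Subject
                # The certificate was not revoked, so 'Valid' does not mean safe.
                SigStatus = $sig.Status
                Modified  = $_.LastWriteTime
            }
        }
}

function Get-RegisteredDbutilDriver {
    # A copy on disk is one finding; a registered or running driver is another.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like "*$DriverName" } |
        Select-Object Name, State, StartMode, PathName
}

$onDisk     = @(Find-DbutilDriver)
$registered = @(Get-RegisteredDbutilDriver)
$onDisk     | Format-List
$registered | Format-Table -AutoSize
if (-not $onDisk -and -not $registered) {
    "No $DriverName found in the folders checked."
}
```

Run it from an elevated PowerShell session so other users' profile folders are readable; any hit should be handled with the removal steps in Dell's advisory DSA-2021-088.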
This isn’t the first time a serious security issue has been detected on Dell machines. In 2019, the company patched a critical flaw in its SupportAssist tool that affected millions of computer users worldwide. Another serious problem was found in the Dell System Detect program in 2015, which also exposed a large number of its users to attack.