Dell computers have contained critical vulnerabilities since 2009
Five serious vulnerabilities have been found in a software component on Dell devices: a driver present on desktop computers, laptops and tablets.
The problem was reported by specialists from SentinelLabs, who added that one of the researchers was able to identify a flaw in the DBUtil BIOS driver.
Most notably, the vulnerabilities are more than ten years old: they have existed in the affected component since 2009. So far, experts have found no indications that these vulnerabilities are being exploited in the wild.
The DBUtil BIOS driver comes pre-installed on most Dell computers running the Windows operating system. It appears on the system under the file name dbutil_2_3.sys, and one of the driver's main tasks is to update the firmware.
The flaw received the identifier CVE-2021-21551 and a CVSS score of 8.8. In fact, this identifier covers five vulnerabilities, two of which are memory corruption problems and one of which is a logic issue leading to DoS.
"Critical bugs in Dell software could allow an attacker to escalate privileges to kernel level on a system," the researchers explain. A patch and related instructions are now available from Dell.
Source: anti-malware.ru
05 May 2021