RV_
Posted May 5, 2021

I have two 27" Dell AIOs, one from 2015 and the other gen 10 from last December. I will be looking for an all-in-one solution, but time is running out for fixing it since the black hats now know where to look, if not the actual exploit.

Excerpt:

"On Tuesday, SentinelLabs said the vulnerabilities were discovered by security researcher Kasif Dekel, who explored Dell's DBUtil BIOS driver -- software used in the vendor's desktop and laptop PCs, notebooks, and tablet products.

The team says that the driver has been vulnerable since 2009, although there is no evidence, at present, that the bugs have been exploited in the wild.

The DBUtil BIOS driver comes on many Dell machines running Windows and contains a component -- the dbutil_2_3.sys module -- which is installed and loaded on-demand by initiating the firmware update process and then unloaded after a system reboot -- and this module was subject to Dekel's scrutiny.

Dell has assigned one CVE (CVE-2021-21551), CVSS 8.8, to cover the five vulnerabilities disclosed by SentinelLabs.

Two are memory corruption issues in the driver, two are security failures caused by a lack of input validation, and one logic issue was found that could be exploited to trigger denial-of-service.

"These multiple critical vulnerabilities in Dell software could allow attackers to escalate privileges from a non-administrator user to kernel mode privileges," the researchers say.

SentinelLabs commented: "These critical vulnerabilities, which have been present in Dell devices since 2009, affect millions of devices and millions of users worldwide. As with a previous bug that lay in hiding for 12 years, it is difficult to overstate the impact this could have on users and enterprises that fail to patch."

Proof-of-Concept (PoC) code is being withheld until June to allow users time to patch.

Dell was made aware of Dekel's findings on December 1, 2020. Following triage and issues surrounding some fixes for end-of-life products, Dell worked with Microsoft and has now issued a fixed driver for Windows machines."

More in the full article here: https://www.zdnet.com/article/patch-issued-to-tackle-critical-security-issues-present-in-dell-driver-since-2009/?ftag=TRE-03-10aaa6b&bhid=&mid=13356293&cid=2180787277

RV/Derek
http://www.rvroadie.com
Email on the bottom of my website page.
Retired AF 1971-1998

When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire