For the last 12 years, a driver deployed on millions of Dell computer systems contains 5 severe vulnerabilities which can be exploited to take over the system.
First reported by researchers at SentinelOne, the vulnerabilities allow a local user to escalate their privilege and obtain admin rights on the Windows operating system. The vulnerabilities are tracked as a single issue CVE-2021-21551 by Dell. The flaws reside in a driver used to update firmware on the system. Simply put, the problem is the driver will accept instructions from any user or application running on the system without performing any security checks. Since drivers necessarily run in kernel mode, this means the driver can be abused to read and write to any area of memory or write to any area of the disk and install malware or a root-kit.
Dell has published a security advisory which recommends users immediately remove the vulnerable dbutil_2_3.sys driver and then update the firmware utility packages to prevent the vulnerable driver from being reinstalled.
In addition, Dell has provided a utility that will automate the identification and removal of the vulnerable driver which will help manage the issue on larger enterprise networks.
The researchers that discovered the vulnerability plan to publish proof of concept code on 1st June 2021, which is likely to accelerate the targeting of this vulnerability by malicious users.
In order to exploit this vulnerability, an attacker would need to already be logged into the system meaning it would need to be chained with other vulnerabilities or malware in order to be exploited.