As early as May, five vulnerabilities were found in drivers from Dell. Although a patch has been made available, some vulnerabilities can also be exploited in combination with the latest driver versions. Many Windows systems are still at risk.
The vulnerabilities discovered a few months ago were registered under the collective name CVE-2021-21551. With the vulnerabilities, attackers could gain privileges and execute code with extended rights. The problems were related to the Dell driver dbutil_2_3.sys. The severity was rated as high. The vulnerable driver file is present on most Dell systems with Windows pre-installed.
According to Borncity, Dell had updated the driver months ago to eliminate the vulnerabilities. Nevertheless, Rapid 7 security researchers have now found that some of the security gaps also exist in current driver versions.
Dell Has Not Classified This Risk
Rapid 7 has contacted the manufacturer and pointed out the problem. In response, Dell emphasizes that the company does not see the problem as a security risk. In order to be able to carry out an attack, a certain authorization level is required. This means that the driver is considered safe according to the Microsoft definition. While it is true that installing a driver actually requires admin rights, kernel attacks can be carried out via the security hole. This gives hackers the option of installing rootkits.
To counteract the problem, affected users should activate the hypervisor Protected Code Integrity (HVCI). Secure Boot should also be used. It is unlikely that Microsoft will blacklist the endangered Dell drivers. The driver is required to keep the firmware of many computers up to date.
Digital marketing enthusiast and industry professional in Digital technologies, Technology News, Mobile phones, software, gadgets with vast experience in the tech industry, I have a keen interest in technology, News breaking.