Dell machines and some Alienware models have a flaw that is not known to many. The issue lies in version 2.3 of the firmware update driver, the “dbutil_2_3.sys” file to be exact. The flaw was discovered by SentinelLabs in December 2020, which stated that it had existed for the past 12 years. Dell has released a patch to fix this issue for no fewer than 380 different PC models and urges its users to update and install the new patch on their machines as soon as possible.
The security patch was a surprise for many, as few knew that Dell’s 2009 firmware update driver module contained at least 5 high-priority flaws. This module may also still be present on many of Dell’s unsold laptops in the market. In other words, 5 vulnerabilities were not known to Dell itself for 12 years. These flaws are so serious that hackers can use them to break into a Dell machine by bypassing its security and then gain kernel-level permissions. With these rights, an attacker can execute code on a single machine as well as infect other machines connected to the same network.
Dell informs its users that the flaw lies in a driver module that comes into play when the user updates the BIOS, Thunderbolt, TPM, or Dock firmware. It also states that this flaw (CVE-2021-21551) is present in a driver file named “dbutil_2_3.sys”. Dell also claims that the flaw exists only on Dell’s Windows laptops and that there have been no cases of any hacker exploiting this vulnerability so far. Dell also encourages all users to review the new Dell Security Advisory (DSA-2021-088) and carry out the steps in it.
SentinelLabs is the threat intelligence firm credited with discovering this vulnerability in Dell’s laptops in December 2020, and it informed Dell about it. The flaw was also discovered in some Alienware models, including desktops and laptops. One of the SentinelLabs researchers, Kasif Dekel, stated: “Allowing any process to communicate with your driver is often a bad practice since drivers operate with the highest of privileges; thus, some IOCTL functions can be abused ‘by design’”. In simpler terms, a person with malicious intent can hack into your system and even access your hard drive and GPU and read from or write to them without requiring any permission. The faulty driver is located in the temp folder on the Windows operating system.
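An added example, not code from this article, Dell or SentinelLabs: a read-only PowerShell check that looks for the driver file named above in Windows temp folders and reports whether a driver service still points at it. The folder list (C:\Windows\Temp and each profile's AppData\Local\Temp) and the function names are assumptions, since the article only says "the temp folder".

```powershell
# Added example (not Dell's or SentinelLabs' tooling): report copies of dbutil_2_3.sys.
# Assumption: "the temp folder" means C:\Windows\Temp and each profile's AppData\Local\Temp.
$driverName = 'dbutil_2_3.sys'

function Get-TempRoots {
    # System-wide temp folder plus the per-user temp folder of every local profile.
    $roots = @(Join-Path $env:SystemRoot 'Temp')
    $profiles = Get-CimInstance -ClassName Win32_UserProfile -ErrorAction SilentlyContinue |
        Where-Object { -not $_.Special -and $_.LocalPath }
    foreach ($p in $profiles) {
        $roots += Join-Path $p.LocalPath 'AppData\Local\Temp'
    }
    $roots | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -Unique
}

function Find-DbutilDriver {
    # Returns one object per copy of the driver file found under the given folders.
    param([string[]]$Roots = (Get-TempRoots))
    foreach ($root in $Roots) {
        Get-ChildItem -LiteralPath $root -Filter $driverName -File -Recurse -Force `
            -ErrorAction SilentlyContinue | ForEach-Object {
                $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
                [pscustomobject]@{
                    Path        = $_.FullName
                    LastWrite   = $_.LastWriteTime
                    FileVersion = $_.VersionInfo.FileVersion
                    Signer      = $sig.SignerCertificate.Subject
                    SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
    }
}

function Get-LoadedDbutilDriver {
    # A driver service whose image path ends in the file name is registered; State shows if it runs.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like "*$driverName" } |
        Select-Object Name, State, StartMode, PathName
}

$files  = @(Find-DbutilDriver)
$loaded = @(Get-LoadedDbutilDriver)
$files  | Format-List
$loaded | Format-Table -AutoSize
if ($files.Count -eq 0 -and $loaded.Count -eq 0) {
    Write-Output "No copy of $driverName found in the temp folders checked."
}
```

Run it from an elevated prompt so that other users' temp folders are readable. It only reads and reports; removal and patching follow the Dell advisory cited above (DSA-2021-088).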
Dell released a patch 4 months after being notified by the researchers at SentinelLabs. Users can get this patch through the Dell update utility (Alienware users can use different update utilities) and fix their machines. Over 380 models need to be fixed, including the gaming series comprising the G3, G5, and G7. Other machines include the XPS 13/15, Alienware 14 and Alienware 17.
Readers might also find it surprising that this is not the first instance in which Dell machines have landed in a tight spot. Quite recently, in 2019, Dell fixed the SupportAssist tool, and another serious issue was the Dell System Detect program back in 2015.