Dell closes a security gap that has existed for around 12 years in a driver for firmware update tools. The security leak, classified as serious, is said to affect millions of Windows systems such as desktop PCs, notebooks and tablets from Dell that have been shipped since 2009.
Leak in the driver for firmware update tools
The critical vulnerability exists in the driver dbutil_2_3.sys, which has been used as part of software for firmware updates (BIOS updates) on Dell systems for many years. Using the hole, attackers have the option of gaining kernel-level authorizations even as non-administrators and thus practically hijacking the system and installing any malware. The vulnerability was only discovered by the security company Sentinel Labs, which reportedly informed Dell of it on December 1, 2020. Listed under the ID CVE-2021-21551, the leak was classified as particularly critical with a severity of 8.8 out of 10. However, so far no case of exploitation of the vulnerability has become known.
Dell delivers solution
Dell has released an update for the affected driver that is supposed to close the security hole. In the extensive article, Dell describes what affected users must do and, according to media reports, lists over 380 affected Dell systems.
According to the description, the faulty driver must first be removed. which happens automatically via the downloadable Dell Security Advisory Update – DSA-2021-088 or manually in the following way:
First, the folder C: Users & lt; username & gt; AppData Local Temp and C: Windows Temp for the file dbutil_2_3.sys. Then the dbutil_2_3.sys file must be completely deleted, which is easiest to do with the key combination SHIFT + Delete.
From May 10th, the security update should also be automatically via the update tools from Dell are available for download.
To ensure that the faulty driver does not reappear, you should download one of the updated update tools from Dell for any firmware updates. For this purpose, Dell offers the applications for download notifications.