Dell is a global brand that sells millions of units of laptops, desktops, and server systems each year. Apparently, Dell’ image might be damaged as researchers at Sentinel Labs warned that
Dell’s firmware update driver has five critical security flaws present since 2009.
The research team discovered multiple vulnerabilities in Dell’s firmware update driver version 2.3 (dbutil_2_3.sys) module which is responsible for Dell firmware updates and comes preinstalled in nearly every Dell PC system since 2009. Attackers had the option to use the vulnerabilities to launch attacks with the aim to gain Kernel-level access on hundreds of millions of Dell and Alienware PCs.
All the vulnerabilities are categorized as CVE-2021-21551 and got a CVSS score of 8.8/ 10. Currently, Dell has used its DSA-2021-088 Knowledge Base Article to release guidelines for customers on how to remove the dbutil_2_3.sys driver. Dell has recommended to remove the drivers or to download the following utility to remove drivers: Dell Security Advisory Update – DSA-2021-088 utility. The latter solution will deal with the issue while keeping the software utility intact.
You should know that Dell was warned about this issue back in 2020 and its security certificate isn’t renewed till now. It means that all Dell and Alienware users are at risk if they haven’t taken the stated precautions.
Via Sentinal Labs