Dell Patches 12-year-old Driver Vulnerability Impacting Millions of PCs (therecord.media)
Hundreds of millions of Dell desktops, laptops, notebooks, and tablets will need to update their Dell DBUtil driver to fix a 12-year-old vulnerability that exposes systems to attacks. From a report: The bug, tracked as CVE-2021-21551, impacts version 2.3 of DBUtil, a Dell BIOS driver that allows the OS and system apps to interact with the computer's BIOS and hardware. In a report published today and shared with The Record, security firm SentinelOne said it found a vulnerability in this driver that could be abused to allow threat actors to access driver functions and execute malicious code with SYSTEM and kernel-level privileges. Researchers said the DBUtil vulnerability cannot be exploited over the internet to gain access to unpatched systems remotely. Instead, threat actors who have already gained initial access to a computer, even to a low-privileged account, could abuse this bug to take full control of the compromised PC -- in what the security community typically describes as a privilege escalation vulnerability.
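As an added, defender-side example (not code from the article, The Record, SentinelOne or Dell): a PowerShell inventory check an administrator can run to find out whether the DBUtil 2.3 driver described above is present on a machine and whether a kernel driver service is registered for it. The thread below mentions the driver being dropped under C:\WINDOWS\TEMP; the filename dbutil_2_3.sys (derived from "version 2.3 of DBUtil") and the additional per-user Temp folders are assumptions and should be checked against Dell's advisory before relying on the result.

```powershell
# Added example, not from the article or the vendor. Assumptions: the driver file is
# named dbutil_2_3.sys (matches "version 2.3 of DBUtil"); C:\Windows\Temp comes from the
# thread, per-user AppData\Local\Temp folders are an added assumption.
$driverName  = 'dbutil_2_3.sys'
$searchRoots = @("$env:SystemRoot\Temp")
$searchRoots += Get-ChildItem 'C:\Users' -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' }

# Locate every copy of the driver file and record hash and signer for the incident record.
$findings = foreach ($root in $searchRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root -Filter $driverName -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Path   = $_.FullName
                SHA256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                Signer = (Get-AuthenticodeSignature -FilePath $_.FullName).SignerCertificate.Subject
                Seen   = $_.LastWriteTime
            }
        }
}

# A file on disk is only half the story: check whether a kernel driver service points at it,
# which is what would let it be loaded again later.
$service = Get-CimInstance -ClassName Win32_SystemDriver -ErrorAction SilentlyContinue |
    Where-Object { $_.PathName -match [regex]::Escape($driverName) }

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    "No $driverName found under: $($searchRoots -join ', ')"
}
if ($service) {
    "Driver service registered: $($service.Name) state=$($service.State) path=$($service.PathName)"
} else {
    "No kernel driver service references $driverName"
}
```

Run it elevated so that all users' Temp folders are readable; a hit on disk with no registered service still matters, because an updater or another process could register and load the file again, so follow Dell's remediation steps rather than just deleting the file.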
Taking this news with a grain of salt... (Score:2)
Re: (Score:2)
My "r" must be saving itself for Sept 19th...
Re: (Score:2)
Re:Taking this news with a grain of salt... (Score:5, Informative)
And once you have machines locked down to that extent, the amount of actual work that people can do on them is often nearly none
That's ancient bullshit.
My employer has separate networks for business apps vs production, and both environments are functional for unprivileged users.
There are a few special terminals for legacy apps, but those are relatively isolated.
Unless you're swimming in legacy crud, it's not that hard. Even then, most legacy stuff can be virtualized and locked behind custom firewall and IPS rules.
Re: (Score:1)
You have no concept of the realities of small business IT.
My clients do not care about NIST anything. They have no idea what CMMC is, nor do they have any interest in finding out.
Disable USB ports? Not happening. Take away local admin? I'd be replaced the next day by somebody who would fix that problem.
HIPAA gets me a few concessions to security for the med clients, but for small business the number one concern is that the computer should do what the user wants when the user wants it. Try telling a doc
Re: (Score:2)
There are a lot of nice tools now to give you fine-grained control. Rather than full admin access, use something like AutoElevate to manage what and when things are allowed to run as administrator. Miss something in your policy? End user can essentially request access and you can grant it remotely after reviewing it.
Re: (Score:2)
It's not "their computer", it's the business's. IT is there to make the business productive. Users aren't there to play with the PC.
Got a problem? Call IT, swap it for a working one and we take the defective one for repair.
I can't have 1000 different bespoke installations on campus. This becomes unsupportable. One standard, then customisations managed by the profile of the user, not the user.
And no, compliance is a thing. There is a whole alphabet soup of regulations out there. Big fines make big wigs worry.
Re: (Score:2)
You're doing it very wrong.
It's perfectly possible since Windows 7, and perhaps earlier, for the vast majority of users to be able to run as a regular user with print administration. I had that running 7+ years ago at a Fortune 20 company with 50,000 users.
Sure, there was a lot of annoying workaround stuff that needed to be done, but if your users don't have to install their own applications, a lot of necessary permissions are no longer necessary. Look into automated application delivery services such as
Does BIOS password protection stop updates? (Score:2)
Does BIOS password protection stop updates from running under Dell Update / Windows Update? Unless you use Dell's enterprise tools for BIOS?
Re: (Score:2)
And so it must be, because:
a. Anything you want to do, you need admin rights.
b. It is impossible to find out why things fail due to security or authentication failures in windows.
I rarely needed admin rights on unix or linux, and when I did, sudo was more than adequate. On Windows, I'd have to use sudo every 5 minutes.
Re: (Score:2)
CP/M has no memory protection, so all the drivers are vulnerable!
Maybe you mean OpenVMS? If so, time to wake up [cvedetails.com]. (I'm kidding, I don't think any of those are in the driver.)
Re: (Score:2)
From what the actual report implies:
https://labs.sentinelone.com/c... [sentinelone.com]
Dell allows their machines to be updated from within a guest OS, which has its own set of horrible potential outcomes. Especially if the utility program does any of the signature validation rather than the BIOS.
It claims Dell installs the utility into C:\WINDOWS\TEMP so one doesn't expect this stack was ever audited.
Re: (Score:2)
Re: (Score:2)
If you run Windows directly on your PC you're much braver than me. I keep it in containment VM.
When? (Score:2)
The only update available from Dell at the moment is to the power manager.
Re: (Score:2)
Pizza Ranch has a great buffet!
Oh? Sorry, I thought we were writing entirely irrelevant comments now.
Re: (Score:2)
12-year-olds should not be driving. This is why we need autonomous vehicles or at least active accident avoidance systems.
Damn straight. Drove into millions of PCs already? Get this menace off my deskway.
Sooo what else besides "privilege escalation"? (Score:2)
"in what the security community typically describes as a privilege escalation vulnerability."
The word "typically" implies there is something else that a privilege escalation vulnerability might be called. I guess there's "pwning" but I've yet to see anyone use that in a news article.