News Targeted


Category: IT|May 8, 2021 | Author: Admin

Firmware vulnerability affects "millions" of PCs

Share on

Major vulnerabilities have been identified in Dell's firmware update driver that could allow attackers to access core-level code in millions of Dell PCs delivered for more than ten years.

Two years to reach a solution
SentinelLabs reported the vulnerability to Dell in December last year and has posted a detailed blog with all the information. Alex Ionescu from Crowdstike says that it took "three separate companies two years" to get a solution.

SentinelLabs notes that there are five errors in a single CVE (Common Vulnerabilities and Exposures is a reference for publicly known vulnerabilities and exposures) assigned by Dell: Two memory corruption issues, two input validation issues, and one code logic issue that could lead to a DDoS (Denial of Service) attack. The problem lies in the driver ‘dbutil_2_3.sys’ which is used in several firmware update tools for Dell and Alienware systems, including BIOS updates.

Dell has released a security advisory (DSA-2021-088) and made available updated packages for Windows that can be downloaded manually.

Risk minimization is recommended
The company recommends reducing the risk. This includes removing the driver ‘dbutil_2_3.sys’ from the PC and updating the driver manually, or waiting for the updated driver to download automatically. To remove the driver, the company recommends one of two:

  • Option 1 (Recommended): Download and run the Dell Security Advisory Update - DSA-2021-088 Utility.

  • Option 2: Manually remove the vulnerable dbutil_2_3.sys driver:

 

Step A:
Find dbutil_2_3.sys i
C: \ Users \\ AppData \ Local \ Temp
or
C: \ Windows \ Temp

Step B:
Select the file dbutil_2_3.sys, hold down shift and press Del to permanently delete it.

 

No indications of exploitation of the vulnerability
SentinelLabs says that there are no indications that the vulnerabilities have been exploited. Still, they recommend both businesses and consumers to update as it affects "hundreds of millions" of PCs.

Sources: SentinelLabs

Sponsored Ads:

Comments:

< Next article

Previous article >


I think Apple has given up

Category: Apple|Nov 30, 2023 | Author: Admin

There are not a few who have been annoyed by the shortage

Category: Apple|Nov 29, 2023 | Author: Admin

THE NIGHTMARE: The files since May are gone

Category: Google|Nov 28, 2023 | Author: Admin

No, you're not wrong

Category: IT|Nov 27, 2023 | Author: Admin

Most Apple employees join Google after resigning, shows LinkedIn data

Category: Apple|Nov 26, 2023 | Author: Admin

Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches

Category: IT|Nov 25, 2023 | Author: Admin

The trade cost them NOK 657 billion

Category: IT|Nov 24, 2023 | Author: Admin

Is this the cause of the OpenAI chaos? “A danger to humanity”

Category: IT|Nov 23, 2023 | Author: Admin

Sam Altman BACK

Category: IT|Nov 22, 2023 | Author: Admin

It's much worse than we thought

Category: IT|Nov 21, 2023 | Author: Admin

February: 3000 nits, 24GB RAM, Snapdragon 8 Gen 3

Category: General|Nov 20, 2023 | Author: Admin

UPDATED: Removed, and the reason is shocking

Category: General|Nov 19, 2023 | Author: Admin

"Apple is struggling more than expected"

Category: Apple|Nov 18, 2023 | Author: Admin

Old Manifest V2 Chrome extensions will be disabled in 2024

Category: Google|Nov 17, 2023 | Author: Admin

Now Windows is an app for iPhone

Category: Microsoft|Nov 16, 2023 | Author: Admin
more