Dell driver flaws leave millions of PCs vulnerable to attack

Security researchers discovered a driver that ships with Dell desktops, laptops, and tablets contains five grave security vulnerabilities. Identified under the label CVE 2021-21551, these vulnerabilities allow malware and attackers to crash your system, steal data, and escalate privileges to gain total control. The flaws have been present since 2009 and remained undetected until now. In total, hundreds of millions of computers could be vulnerable to attack.

The Register reports there are no signs of exploitation in the wild -- but this will likely not take long:

"While we haven’t seen any indicators that these vulnerabilities have been exploited in the wild up till now, with hundreds of million of enterprises and users currently vulnerable, it is inevitable that attackers will seek out those that do not take the appropriate action," warned Kasif Dekel, a senior security researcher at SentinelOne who helped find the holes.

Driver fails to perform authorization check

The five bugs were found in Dell's dbutil_2_3.sys driver, a piece of software used for updating the firmware. What it boils down to is that this insecure driver accepts system calls from any user or application on the PC, without performing any checks to verify if the caller has the correct privileges. Drivers operate with the highest level of privileges within the Windows operating system, so the lack of authorization gives attackers an easy way to piggyback:

These system calls – specifically, IOCTL calls – can instruct the kernel-level driver to move the contents of memory from one address to another, allowing an attacker to read and write arbitrary kernel RAM. At that point, it's game over: the machine can be commandeered at the operating-system level, a rootkit installed, and so on.

Dell has released an updated driver, this new version will be pushed out from May 10.