DELL, the manufacturer of Computers, running all Windows produced since 2009 System on Dell tablets, desktops and laptops yoadministrator leveldetected critical vulnerability that still grants access.
The vulnerability causes cyber threat actors to obtain privileges in kernel mode and a denial of service (DOS) situation.
It was stated that the security problem was reported to DELL by SentinelOne researchers and that the security vulnerability was caused by the software named “dbutil_2_3.sys” that came installed on DELL devices. It is known that this software is present in hundreds of millions of devices manufactured by DELL. Five vulnerabilities in the “dbutil_2_3.sys” driver caused the vulnerability. Although the CVSS score of security vulnerabilities is 8.8, CVE-2021-21551 is assigned as the CVE identifier.
Although there has been no indication that these vulnerabilities have been exploited so far, attacks by cyber threat actors on vulnerable devices of hundreds of millions of businesses and users are inevitable. Since the security vulnerability is local privilege escalation errors, it is not possible to be exploited remotely on the internet. The attacker who wants to exploit this security vulnerability must first gain access to an account. After that, the driver can exploit the vulnerability to gain local elevation of privilege.
published by DELLDell Security Advisory DSA-2021-088 You can prevent the vulnerability by installing patches available at .
Source:
dell.com
nvd.nist.gov
To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.