

While local authentication by an attacker on a Dell Windows machine is needed to exploit the driver vulnerability, an exploit could be carried out by someone with remote access to such a machine, Dell explained in an FAQ document. Such access could be enabled by phishing or by planting malware. Local authenticated user access is required. However, the flaw offers various attack avenues, per Dell's support article description: Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Neither Dell nor SentinelLabs has so far observed active attacks exploiting the driver vulnerability. "These multiple high severity vulnerabilities in Dell software could allow attackers to escalate privileges from a non-administrator user to kernel mode privileges," the SentinelLabs post stated. The vulnerable driver is part of various BIOS update utilities released by Dell over the years and could give an attacker Windows "kernel mode privileges," SentinelLabs indicated. It was SentinelLabs that initially tipped off Dell to the flaw, back on December 1, 2020.
