Dell Vulnerability Discovered; Patching Advised for Millions of Users
On May 4, researchers released details of a security flaw in Dell devices. The flaw affects hundreds of millions of desktops, laptops, notebooks, and tablets. Dell has released additional details of the vulnerability and a recommended fix.
The vulnerability relates to the “dbutil_2_3.sys” driver, a critical piece of software used in updating system operating instructions embedded in device firmware. This driver is pre-installed on Dell devices running Windows® operating systems.
The vulnerability allows bad actors to gain access to the operating system kernel and to run their own malicious code. Once access is gained, criminals can bypass security software, exfiltrate data, and potentially gain lateral access to network data as well.
The security flaw is local: it can be used only through commands executed directly on the device, not through remote access. To this point, there are no reports of the flaw being used by bad actors. However, an attack will likely soon be developed to exploit the vulnerability through a phishing email or another technique for delivering and running malicious code. By exploiting this vulnerability, attackers will be able to take control of the computer even if the user does not have local administrator privileges.
Dell has released an automated update that will remove and replace the vulnerable driver. It plans to release an enhanced version of the update utility for enterprise customers on May 10. Dell has also provided greater detail regarding affected devices, along with manual removal and replacement procedures, in the “Affected Products and Remediation” section of its release notification.
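One way to confirm on a given Windows host that the driver named above is gone after remediation, as an added example that is not part of the original advisory or Dell's own tooling. The search roots, function names and exit codes are assumptions, since this page does not state where the file is stored.

```powershell
# Added example (not Dell's or ACA Aponix's tooling): check a Windows host for
# the driver file named in this advisory and for a driver service that uses it.
# Assumption: the search roots below; the page does not say where the file lives.
# Run elevated so that other users' profile directories are readable.
param(
    [string[]]$SearchRoot = @($env:SystemRoot, "$env:SystemDrive\Users"),
    [string]$DriverName = 'dbutil_2_3.sys'
)

function Find-DriverFile {
    param([string[]]$Root, [string]$Name)
    foreach ($r in ($Root | Where-Object { $_ -and (Test-Path -LiteralPath $_) })) {
        Get-ChildItem -LiteralPath $r -Filter $Name -File -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                # Record hash and signer so copies can be compared across hosts.
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                [pscustomobject]@{
                    Path      = $_.FullName
                    SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                    Modified  = $_.LastWriteTimeUtc
                    Signer    = $sig.SignerCertificate.Subject
                    SigStatus = $sig.Status
                }
            }
    }
}

function Get-DriverService {
    # A kernel driver service whose image path points at the file means the
    # driver is still registered, whether or not it is currently running.
    param([string]$Name)
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like "*$Name*" } |
        Select-Object Name, State, StartMode, PathName
}

$files = @(Find-DriverFile -Root $SearchRoot -Name $DriverName)
$svcs  = @(Get-DriverService -Name $DriverName)

$files | Format-List | Out-String
$svcs  | Format-Table -AutoSize | Out-String

if ($files.Count -gt 0 -or $svcs.Count -gt 0) {
    Write-Warning "$DriverName is still present on $env:COMPUTERNAME; apply Dell's update."
    exit 1   # non-zero so a management tool can flag the host
}
Write-Output "$DriverName not found under: $($SearchRoot -join ', ')"
exit 0
```

The non-zero exit code lets a software-deployment or monitoring tool report hosts where the update has not yet removed the driver.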
ACA Aponix Guidance
The Dell vulnerability is serious and requires mitigation. The sheer ubiquity of Dell devices in use adds to the urgency given the significant potential for abuse.
- Urgently apply the released Dell patches.
- Include these updates in mandatory patching policies (when applicable).
- Advise staff with personal Dell devices of the need to apply the patch, and to enable the fix if automatic software updating is not activated.
- Advise critical third-party service providers of the need to apply the patch.
- Be on the lookout for further information from Dell regarding the announced May 10 enhanced enterprise-level patch.
- Reach out to ACA Aponix or other trusted third-party advisors for assistance in implementing patching procedures as needed.
How we help
ACA Aponix offers the following solutions that can help your firm protect itself in relation to this and similar cybersecurity warnings, and to enhance its cybersecurity in general:
- Threat intelligence, phishing testing and monitoring
- Operational resilience and governance
- Risk assessments and regulatory compliance testing services
- Download our Aponix Protect™ cybersecurity solution brochure.