
Unmanaged Dell Systems Require Update to Remediate Security Issue

Threat Level: Medium
Threat Type: Privilege escalation in end user devices
Advisory Date: 05/26/2021

Description

A security flaw has been found in a Dell-provided driver, “dbutil_2_3.sys”. This flaw allows attackers to gain full local system access.

This driver has been included on Dell systems, often by default, since 2009.

Impacted Systems:

  • Dell-branded systems running Windows 7, 8.1 and 10.
  • Systems which are self-managed such as APEA, Salvage, Buy Backs, or other personally managed systems.

Users of impacted systems are urged to run the remediation tool to remove this vulnerable driver from their systems as soon as possible.

Impact

Dell systems that use the provided Windows operating system or have installed the Dell Update packages are vulnerable to a privilege escalation attack. This means that any local account can be used by an attacker to gain full system access.

This increases the risk of threats such as malware, ransomware and data compromise on vulnerable systems.

University managed systems have been remediated.

However, systems which are not centrally managed with ZenWorks are potentially vulnerable and should be updated as soon as possible by the user responsible.

Users of unmanaged systems must run a removal tool on impacted systems to remediate the security risk.

Removing this driver has no impact on the system. There is no risk in running the utility on systems which do not have the impacted driver present.

Resolution

Users of impacted systems are requested to download and run the Dell removal utility to secure their systems.

Step 1: Visit the Dell website and download the remediation tool: "Dell Security Advisory Update - DSA-2021-088"

Visit:

https://www.dell.com/support/home/en-ca/drivers/driversdetails?driverid=7pr57

Instructions can be found at:

https://www.dell.com/support/kbdoc/en-ca/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability

Resources

If you require assistance in determining if your Dell system requires this update to be applied, please contact:

Email: IT.Support@uregina.ca
Phone: 306-585-4685
Toll-free in Canada: 1-844-585-4685