A new vulnerability has been detected in Dell-branded laptops and desktops that allows attackers to gain elevated access to system internals. The vulnerability was found and reported by Sentinel Labs, which said that it can allow hackers to carry out a wide range of cyberattacks, including privilege escalation leading to a denial of service.
In simple terms, the flaw is a bug in software preinstalled on Dell laptops and desktops that allowed hackers to get admin-level access to a user's PC. The attacker could then install malware that could lock the user out of the PC.
According to Sentinel Labs, the flaw is a collection of five different vulnerabilities in the Dell BIOS Utility driver, called DBUtil. It states that the flaw has been present since 2009.
The DBUtil driver contains a module that is responsible for delivering BIOS updates. According to the report, the BIOS update module had five flaws: two memory corruption issues, two input validation failures, and one logic flaw.
Of these flaws, the most serious was that any app or service without administrator privileges could send requests to the Dell BIOS Utility driver and gain high-level system permissions. This was possible because the driver did not enforce an access control list (ACL), the mechanism that restricts non-admin apps from gaining such high-level system access. In addition, the driver exposed its control functions, which an attacker could then use to escalate system privileges.
In its report, Sentinel Labs stated, “These critical vulnerabilities, which have been present in Dell devices since 2009, affect millions of devices and millions of users worldwide. As with a previous bug that lay in hiding for 12 years, it is difficult to overstate the impact this could have on users and enterprises that fail to patch.”
Sentinel Labs notified Dell about the vulnerability back in December 2020. After sufficient testing and proof, Dell has listed a CVE entry with a vulnerability score of 8.8. The company has not yet disclosed full details of the vulnerability, as it will take some time for the patch to reach all users.
The company has partnered with Microsoft to roll out a patch for all affected devices. It is urging all its users to apply the fix as early as possible.