Dell Resolves Vulnerability Affecting Over 100 Million Devices
A Dell driver flaw which could allow a local authenticated attacker to gain elevated privileges on the system has been resolved.
Dell Security Flaw Dates Back to 2009
A Dell driver flaw which could allow a local authenticated attacker to gain elevated privileges on the system has been resolved. The vulnerability was caused by an insufficient access control vulnerability in the dbutil_2_3.sys driver. An attacker could exploit this vulnerability to gain elevated privileges, obtain sensitive information or cause a denial of service due to improper access restrictions within the Dell dbutil driver dbutil_2_3.sys.
Dell has remediated the dbutil driver and has released firmware update utility packages for supported platforms running Windows 10, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent and Dell Platform Tags.
- CVSS Score: 8.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope (Jump Point): Changed
How Syxsense Can Help
This vulnerability poses a very significant risk as it has a Low Attack Complexity, Low privileges requires and the Scope is Changed. Scope is what we call a ‘Jump Point’ – which means an active exploit can jump from one technology to another.