Dell Resolves Vulnerability Affecting Over 100 Million Devices

Dell Security Flaw Dates Back to 2009

A Dell driver flaw which could allow a local authenticated attacker to gain elevated privileges on the system has been resolved. The vulnerability was caused by an insufficient access control vulnerability in the dbutil_2_3.sys driver. An attacker could exploit this vulnerability to gain elevated privileges, obtain sensitive information or cause a denial of service due to improper access restrictions within the Dell dbutil driver dbutil_2_3.sys.

Dell has remediated the dbutil driver and has released firmware update utility packages for supported platforms running Windows 10, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent and Dell Platform Tags.

Vulnerability Details

• CVSS Score: 8.8
• Attack Vector: Local
• Attack Complexity: Low
• Privileges Required: Low
• User Interaction: None
• Scope (Jump Point): Changed

How Syxsense Can Help

This vulnerability poses a very significant risk as it has a Low Attack Complexity, Low privileges requires and the Scope is Changed.  Scope is what we call a ‘Jump Point’ – which means an active exploit can jump from one technology to another.

Customers of Syxsense Manage and Syxsense Secure can request a custom to detect and remediate your vulnerable devices.

Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.