image credit: Quinn Dombrowski / Flickr

Millions of Dell Devices Vulnerable to Update Driver Flaw

Dell has patched five flaws in a vulnerable firmware update driver that has shipped in millions of laptops, tablets and desktops since 2009.

The vulnerabilities have been assigned a single CVE, CVE-2021-21551, with a CVSS score of 8.8. Dell has wrapped the vulnerable driver, dbutil_2_3.sys, in a BIOS update utility, writes Kasif Dekel, a senior security researcher at SentinelOne.

“These multiple high-severity vulnerabilities in Dell software could allow attackers to escalate privileges from a non-administrator user to kernel mode privileges,” Dekel writes in a blog post. “While we haven’t seen any indicators that these vulnerabilities have been exploited in the wild up till now, with hundreds of millions of enterprises and users currently vulnerable, it is inevitable that attackers will seek out those that do not take the appropriate action.”

Read More on DataBreach Today