This content is viewable by Everyone
Dell released an update utility
Dell released an update utility to mitigate a security vulnerability affecting a driver packaged with Dell Client firmware update utility packages and tools.
For complete descriptions of the vulnerability, affected systems, and remediation steps please see https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability
WHAT'S THE PROBLEM?
A Dell driver (dbutil_2_3.sys) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
A vulnerable driver (dbutil_2_3.sys) was delivered to impacted systems in two ways:
- via affected firmware update utility packages, and
- via Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags, including when using any Dell notification solution to update drivers, BIOS, or firmware.