WHAT HAPPENED?

Dell released an update utility to mitigate a security vulnerability affecting a driver packaged with Dell Client firmware update utility packages and tools.

For complete descriptions of the vulnerability, affected systems, and remediation steps please see https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability

WHAT'S THE PROBLEM?

A Dell driver (dbutil_2_3.sys) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

AFFECTED SYSTEMS:

A vulnerable driver (dbutil_2_3.sys) was delivered to impacted systems in two ways:

1. via affected firmware update utility packages, and
2. via Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags, including when using any Dell notification solution to update drivers, BIOS, or firmware.