'Millions' of Dell PCs Will Grant Malware, Rogue Users Admin-Level Access If Asked Nicely
upstart writes in with an IRC submission for c0lo:
'Millions' of Dell PCs will grant malware, rogue users admin-level access if asked nicely:
This is made possible by five security vulnerabilities in Dell's dbutil_2_3.sys driver, which it bundles with its PCs. These are grouped under the label CVE-2021-21551, and they can be abused to crash systems, steal information, and escalate privileges to take total control. These programming blunders can only be exploited by applications already running on a machine, or by a logged-in user: this is a local privilege-escalation bug, not a remote one, so the exposure is any foothold an attacker already has on an affected PC.
"While we haven't seen any indicators that these vulnerabilities have been exploited in the wild up till now, with hundreds of millions of enterprises and users currently vulnerable, it is inevitable that attackers will seek out those that do not take the appropriate action," warned Kasif Dekel, a senior security researcher at SentinelOne who helped find the holes.
The flaws are within Dell's firmware update driver, and are fairly simple to abuse. Essentially, Dell's driver accepts I/O control requests from any user or program on a machine; there is no access control list on the device object and no privilege check to see whether the caller is sufficiently authorized. These requests - specifically, IOCTL calls - can instruct the kernel-level driver to move the contents of memory from one caller-supplied address to another, with no validation that either address belongs to the caller, which gives an attacker arbitrary read and write access to kernel RAM. At that point, it's game over: the machine can be commandeered at the operating-system level, a rootkit installed, and so on. Dell's remediation is to remove the vulnerable driver and replace it with a fixed version; note that dbutil_2_3.sys is dropped onto disk by Dell's firmware update utilities and left behind afterward, so a machine remains exploitable until the file itself is removed, even when no firmware update is pending.
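To make the class of bug concrete, here is an added user-space simulation of the dispatch pattern described above; it is not code from dbutil_2_3.sys, Dell, SentinelOne or The Register. The request layout, the error codes and the "kernel token" object are hypothetical stand-ins, and the real driver's IOCTL codes and structures are deliberately not reproduced. The vulnerable handler passes three caller-controlled fields straight to memmove; the hardened one refuses non-administrators (the effect of a restrictive device ACL) and refuses any range that is not inside the caller's own buffer (the effect of probing user pointers before touching them).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Status codes for the simulated dispatch routine (hypothetical). */
enum { IOCTL_OK = 0, IOCTL_ACCESS_DENIED = 1, IOCTL_INVALID_PARAMETER = 2 };

/* Hypothetical request layout; the real driver's structures are not shown on the page. */
struct memmove_request {
    uint64_t dst;   /* destination address, entirely caller-controlled */
    uint64_t src;   /* source address, entirely caller-controlled */
    uint32_t len;   /* byte count, entirely caller-controlled */
};

/* What the dispatch routine can learn about the requestor. */
struct caller {
    bool is_admin;   /* stand-in for examining the caller's token */
    uint8_t *buf;    /* the caller's own buffer: the only memory it may legitimately touch */
    size_t buf_len;
};

/* Simulated kernel object the caller must never reach: a process token. */
struct token { uint32_t privileges; };
static struct token kernel_token;   /* "kernel memory" for this simulation */

/* Vulnerable pattern: no access check, no address validation. The three fields go
 * straight to memmove, so the caller can read or write any address it names. */
int ioctl_memmove_vulnerable(const struct caller *c, const struct memmove_request *req)
{
    (void)c;   /* who is asking is never examined */
    memmove((void *)(uintptr_t)req->dst, (const void *)(uintptr_t)req->src, req->len);
    return IOCTL_OK;
}

/* Does [addr, addr + len) lie entirely inside the caller's buffer? Overflow-safe. */
static bool in_caller_buffer(const struct caller *c, uint64_t addr, uint32_t len)
{
    uintptr_t lo = (uintptr_t)c->buf, hi = lo + c->buf_len;
    if (addr > UINTPTR_MAX || len > c->buf_len)
        return false;
    uintptr_t a = (uintptr_t)addr;
    return a >= lo && a <= hi - len;
}

/* Hardened pattern: privilege check first, then both ranges must be the caller's own. */
int ioctl_memmove_hardened(const struct caller *c, const struct memmove_request *req)
{
    if (!c->is_admin)
        return IOCTL_ACCESS_DENIED;
    if (req->len == 0 || !in_caller_buffer(c, req->src, req->len) ||
        !in_caller_buffer(c, req->dst, req->len))
        return IOCTL_INVALID_PARAMETER;
    memmove((void *)(uintptr_t)req->dst, (const void *)(uintptr_t)req->src, req->len);
    return IOCTL_OK;
}

/* Send the same unprivileged request to a handler: copy four constructed bytes from
 * the caller's buffer over the token's privilege mask. Returns the handler's status
 * and stores the resulting privilege value in *out. */
int unprivileged_escalation_attempt(int (*handler)(const struct caller *,
                                                   const struct memmove_request *),
                                    uint32_t *out)
{
    uint8_t buf[16] = {0};
    uint32_t all_privs = 0xFFFFFFFFu;   /* constructed payload */
    memcpy(buf, &all_privs, sizeof all_privs);

    struct caller c = { .is_admin = false, .buf = buf, .buf_len = sizeof buf };
    struct memmove_request req = {
        .dst = (uint64_t)(uintptr_t)&kernel_token.privileges, /* outside the caller's buffer */
        .src = (uint64_t)(uintptr_t)buf,
        .len = sizeof all_privs,
    };

    kernel_token.privileges = 0;
    int rc = handler(&c, &req);
    *out = kernel_token.privileges;
    return rc;
}

int main(void)
{
    uint32_t privs;
    int rc = unprivileged_escalation_attempt(ioctl_memmove_vulnerable, &privs);
    printf("vulnerable: rc=%d privileges=0x%08x\n", rc, (unsigned)privs);
    rc = unprivileged_escalation_attempt(ioctl_memmove_hardened, &privs);
    printf("hardened:   rc=%d privileges=0x%08x\n", rc, (unsigned)privs);
    return 0;
}
```

The point of the simulation is the order of the checks in the hardened handler: the privilege check is what a properly ACL'd device object would have enforced before the request ever reached the driver, and the range check is what stops even an administrator from turning a firmware-update helper into a generic kernel read/write primitive. Neither check costs more than a few instructions, which is why the absence of both is a design error rather than a performance trade-off.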
Read more of this story at SoylentNews.