BIOS PrivEsc Bugs Affect Millions of Dell PCs [CVE-2021-21551]

CVE number – CVE-2021-21551

Dell has released an update utility to mitigate a security vulnerability affecting the dbutil_2_3.sys driver packaged with Dell Client firmware update utility packages and tools.

The vulnerability exists in the dbutil_2_3.sys driver. This driver file may have been installed on a Dell Windows operating system when you used firmware update utility packages, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags, including when using any Dell notification solution to update drivers, BIOS, or firmware for your system. To best protect yourself, Dell recommends removing the dbutil_2_3.sys driver from your system by following one of three options listed in Remediation Step 1 below.

Dell has remediated the dbutil driver and has released firmware update utility packages for supported platforms running Windows 10, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent and Dell Platform Tags. For supported platforms on Windows when you:

• install a remediated package containing the BIOS, Thunderbolt firmware, TPM firmware, or dock firmware; or
• update Dell Command Update, Dell Update, or Alienware Update; or
• install the latest version of Dell System Inventory Agent or Dell Platform Tags,

Step 1: Immediately remove the vulnerable dbutil_2_3.sys driver from the affected system using one of the options below. NOTE: If you are using the Dell System Inventory Agent you must first download the latest available version (2.6.0.0 or greater)here.

• Option 1 (Recommended): Download and run the Dell Security Advisory Update – DSA-2021-088 utility.
• Option 2: Manually remove the vulnerable dbutil_2_3.sys driver:

Step A: Check the following locations for the dbutil_2_3.sys driver file

• C:\Users\<username>\AppData\Local\Temp
• C:\Windows\Temp

Step B: Select the dbutil_2_3.sys file and hold down the SHIFT key while pressing the DELETE key to permanently delete. 

• Option 3 (available by May 10, 2021):  If you use one of the Dell notification solutions, you can use it to obtain and run the Dell Security Advisory Update – DSA-2021-088 utility.

Scenario 1: If your Dell notification solution is configured to automatically notify you of updates, and configured to automatically download and apply them, then this utility is automatically downloaded and applied for you.
Scenario 2: If your Dell notification solution is not configured to automatically download and apply updates, obtain the utility via one of the Dell notification solutions , by clicking “Check for Updates”, and then selecting and applying Dell Security Advisory Update – DSA-2021-088.
Step 2: To prevent reintroduction of a vulnerable dbutil driver, obtain and run a remediated firmware update utility package, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags as applicable.
For firmware update utility packages: With your next scheduled firmware update, download and apply the latest available firmware update utility which contains a remediated dbutil driver. Customers can use one of the Dell notification solutions to receive updated firmware update utility packages, as applicable. Notes:

• For supported platforms running Windows 10, updates are available as of the publishing of this advisory. (See Table A)
• For supported platforms running Windows 7 or 8.1, updates are expected to be available by July 31, 2021. Once the updates are available, this advisory will be updated. If you update your BIOS, Thunderbolt firmware, TPM firmware, or doc firmware prior to the updates being available, you must also execute one of the three options defined in Step 1 of this section – even if you have previously performed this step – immediately following the update.
• If you update your BIOS, Thunderbolt firmware, TPM firmware, or dock firmware, to a version prior to the versions listed in Table A, you must also execute one of the three options defined in Step 1 of this section – even if you have previously performed this step – immediately following the update.
• Remediated packages are not be provided for end of service life platforms (see Table B). Customers using these platforms must also execute one of the three options defined in Step 1 of this section – even if you have previously performed this step – immediately after you apply an affected firmware update.

For Dell Command Update, Dell Update, and Alienware Update: These components are automatically updated with the self-update feature. If this feature is not enabled on your system, run your respective update application by connecting to the internet, opening it, and clicking “Check for Updates.”
For Dell Platform Tags: Visit here and download the latest available version (4.0.30.0, A04 or greater).

For Dell System Inventory Agent: Visit here to download the latest available version (2.6.0.0 or greater).
Please see the FAQ for more details and additional information.