
Dell fixes exploitable holes in its own firmware update driver – patch now!
2021-05-05 18:18

If you are nervous about removing system files by hand, the company has published a download page with an automatic driver remover with the remarkable name of Dell-Security-Advisory-Update-DSA-2021-088 7PR57 WIN 1.0.0 A00.EXE. Unfortunately, just removing the old driver is not enough on its own, because the old firmware update utility left behind on your computer may inadvertently reinstall the buggy driver, thus reintroducing the bug.

If you can't yet do step 2, remember to repeat step 1 every time that you run the old firmware updater, in case the update process itself quietly reinstalls the old driver.

The researchers who investigated the flawed driver found a number of problems with it, starting with the fact that any user, whether an administrator or not, could issue low-level configuration commands to the driver itself.

In this case, the researchers discovered driver coding flaws that could allow unprivileged driver commands either to crash the driver and bring down the system or to promote the user issuing the commands to a local administrator.

In other words, if you remove the vulnerable driver without also updating the firmware update utility that is coded to look for the driver in the TEMP folder, you run a risk not only that the firmware utility itself might reinstall an old version of the driver, but also that an attacker already inside your network might do so, too.

Make a list of computers that needed updating and keep an eye on the abovementioned TEMP directories for the unwanted reappearance of the buggy driver file, which could be an IoC. If you are a programmer: don't give unprivileged users access to driver control functions they don't need.
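One way to automate the TEMP-directory watch described above, as an added example that is not from the original article or from Dell. The driver file name is a placeholder to be filled in from the vendor advisory, and the TEMP locations checked (the system-wide one and each local profile's) are assumptions:

```powershell
# Sweep Windows TEMP directories for a driver file that should no longer be there.
# Run elevated so that other users' profile directories are readable.
param(
    # PLACEHOLDER: take the real driver file name from the vendor advisory.
    [string]$DriverName = 'REPLACE-WITH-DRIVER-FILE-NAME.sys',
    [string]$UsersRoot  = (Join-Path $env:SystemDrive 'Users')
)

# Assumed locations: C:\Windows\Temp plus AppData\Local\Temp under every profile.
$tempDirs = @(Join-Path $env:SystemRoot 'Temp') + @(
    Get-ChildItem -LiteralPath $UsersRoot -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' }
)
$tempDirs = @($tempDirs | Where-Object { Test-Path -LiteralPath $_ })

# Only the top level of each TEMP directory is checked (assumption: the
# updater drops the file directly there, not in a subfolder).
$hits = foreach ($dir in $tempDirs) {
    Get-ChildItem -LiteralPath $dir -Filter $DriverName -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Path     = $_.FullName
                Created  = $_.CreationTimeUtc
                Modified = $_.LastWriteTimeUtc
                SHA256   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

if ($hits) {
    # The timestamps show whether the file reappeared after the last cleanup.
    $hits | Format-List
    Write-Warning "Driver file present in TEMP on $env:COMPUTERNAME; possible IoC, remove it again."
    exit 1   # non-zero exit so scheduling or management tooling can flag the host
}
Write-Output "No copy of $DriverName found in $($tempDirs.Count) TEMP directories."
```

Scheduled across the computers on your list, the exit code gives a simple per-host signal, and the creation time helps tell a reinstall by the old firmware updater from a file that was never removed.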


News URL

https://nakedsecurity.sophos.com/2021/05/05/dell-fixes-exploitable-holes-its-own-firmware-update-driver-patch-now/

Related vendor

VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS (LAST 12M)
Dell | 1650 | 96 | 430 | 287 | 92 | 905