The vulnerability exists in the dbutil_2_3.sys driver. This driver file may have been installed on your Dell Windows operating system when you used firmware update utility packages, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags, including when using any Dell notification solution to update drivers, BIOS, or firmware for your system. To best protect yourself, Dell recommends removing the dbutil_2_3.sys driver from your system by following one of three options listed in Remediation Step 1 below.

Dell has remediated the dbutil driver and has released firmware update utility packages for supported platforms running Windows 10, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent and Dell Platform Tags. For supported platforms on Windows when you:

• install a remediated package containing the BIOS, Thunderbolt firmware, TPM firmware, or dock firmware; or
• update Dell Command Update, Dell Update, or Alienware Update; or
• install the latest version of Dell System Inventory Agent or Dell Platform Tags,

The remediated dbutil driver is installed on your system. Refer to Remediation Step 2 for details.[/TD]

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

The vulnerable driver (dbutil_2_3.sys) was delivered to impacted systems in two ways: (1) via affected firmware update utility packages, and (2) via Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags, including when using any Dell notification solution to update drivers, BIOS, or firmware on your system. The tables in the “Additional Information” section below provide the following information:

• Table A lists platforms with impacted firmware update utility packages, including BIOS update utilities, Thunderbolt firmware update utilities, TPM firmware update utilities and dock firmware update utilities.
• Table B lists the end of service life platforms with impacted firmware update utility packages, including BIOS update utilities, Thunderbolt firmware update utilities and TPM firmware update utilities.

Note: The dbutil_2_3.sys driver vulnerability does not impact the actual firmware updates that these utilities deliver. Rather, the vulnerability exists in the dbutil_2_3.sys driver that is packaged with the firmware update utility.

Remediation Steps:
Impacted customers must complete 2 steps as follows:

1. Immediately remove the vulnerable dbutil_2_3.sys driver from the affected system using one of the following options from Step 1 below: download and run a utility to remove the driver from the system (Option 1), manually remove the driver from the system (Option 2), or on or after May 10, 2021, utilize one of the Dell notification solutions to run the utility (Option 3).
2. As described in Step 2 below, obtain and run the latest firmware update utility package(s), Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags as applicable.

Step 1: Immediately remove the vulnerable dbutil_2_3.sys driver from the affected system using one of the options below. NOTE: If you are using the Dell System Inventory Agent you must first download the latest available version (2.6.0.0 or greater) here.

• Option 1 (Recommended): Download and run the Dell Security Advisory Update – DSA-2021-088 utility.
• Option 2: Manually remove the vulnerable dbutil_2_3.sys driver:

Step A: Check the following locations for the dbutil_2_3.sys driver file

• C:\Users\<username>\AppData\Local\Temp
• C:\Windows\Temp

Step B: Select the dbutil_2_3.sys file and hold down the SHIFT key while pressing the DELETE key to permanently delete.

• Option 3 (available by May 10, 2021): If you use one of the Dell notification solutions, you can use it to obtain and run the Dell Security Advisory Update – DSA-2021-088 utility.

Scenario 1: If your Dell notification solution is configured to automatically notify you of updates, and configured to automatically download and apply them, then this utility is automatically downloaded and applied for you.

Scenario 2: If your Dell notification solution is not configured to automatically download and apply updates, obtain the utility via one of the Dell notification solutions , by clicking “Check for Updates”, and then selecting and applying Dell Security Advisory Update – DSA-2021-088.

Step 2: To prevent reintroduction of a vulnerable dbutil driver, obtain and run a remediated firmware update utility package, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags as applicable.

For firmware update utility packages: With your next scheduled firmware update, download and apply the latest available firmware update utility which contains a remediated dbutil driver. Customers can use one of the Dell notification solutions to receive updated firmware update utility packages, as applicable.

Notes:

• For supported platforms running Windows 10, updates are available as of the publishing of this advisory. (See Table A)
• For supported platforms running Windows 7 or 8.1, updates are expected to be available by July 31, 2021. Once the updates are available, this advisory will be updated. If you update your BIOS, Thunderbolt firmware, TPM firmware, or doc firmware prior to the updates being available, you must also execute one of the three options defined in Step 1 of this section – even if you have previously performed this step – immediately following the update.
• If you update your BIOS, Thunderbolt firmware, TPM firmware, or dock firmware, to a version prior to the versions listed in Table A, you must also execute one of the three options defined in Step 1 of this section – even if you have previously performed this step – immediately following the update.
• Remediated packages are not be provided for end of service life platforms (see Table B). Customers using these platforms must also execute one of the three options defined in Step 1 of this section – even if you have previously performed this step – immediately after you apply an affected firmware update.

For Dell Command Update, Dell Update, and Alienware Update: These components are automatically updated with the self-update feature. If this feature is not enabled on your system, run your respective update application by connecting to the internet, opening it, and clicking “Check for Updates.”

For Dell Platform Tags: Visit here and download the latest available version (4.0.30.0, A04 or greater).

For Dell System Inventory Agent: Visit here to download the latest available version (2.6.0.0 or greater).

Read more:

• https://www.dell.com/support/kbdoc/e...-vulnerability
• https://www.zdnet.com/article/patch-...er-since-2009/

Posted By: Brink
04 May 2021