DSA-2021-088: Dell Client Platform Security Update for an Insufficient Access Control Vulnerability in the Dell dbutil Driver

Dell has released remediation for a security vulnerability affecting the dbutil_2_3.sys driver packaged with Dell Client firmware update utility packages and other products.

The vulnerability described in the table above exists in the dbutil_2_3.sys driver. This driver may have been installed on to the Windows operating system of your Dell Client platform by one or more impacted products or components.

Refer to the “Affected Products and Remediation” section of this advisory for details regarding:

• The list of impacted platforms, products, and components
• The remediation steps including:
  • How to remove the vulnerable driver from your system
  • How to obtain an updated, remediated version of the driver 
• What to know when using end of service life (aka end of support) platforms, products, or components

Additional, related information is available in this FAQ.

Dell Technologies raccomanda a tutti i clienti di prendere in considerazione sia il punteggio base CVSS, sia ogni eventuale punteggio temporale o ambientale che possa avere effetti sul livello di gravità potenziale associato a una specifica vulnerabilità di sicurezza.

Affected Products and Remediation

This section includes the following subsections:

1. Affected platforms, products, and components.
2. Remediation Steps:
   1. Determine impacted platforms, products, and components in your environment.
   2. Remove the vulnerable driver from your system.
   3. Obtain an updated, remediated version of the driver.
3. What to know when installing a firmware update using an unremediated firmware update utility package.
4. What to know when using end of service life (aka end of support) platforms, products, or components.

 
1. Affected platforms, products, and components
The vulnerable driver (dbutil_2_3.sys) may have been installed on to the Windows operating system of your Dell Client platform by one or more of the following products or components:

• Impacted firmware update utility packages, including BIOS update utilities, Thunderbolt firmware update utilities, TPM firmware update utilities and dock firmware update utilities (see Note 1 and Note 2 below).
• Any of the Dell Download Notification solutions, including Dell Command Update, Dell Update, Alienware Update, and Dell SupportAssist for PCs (Home and Business).
• Dell System Inventory Agent
• Dell Platform Tags
• Dell BIOS Flash Utility

Note 1: The specific Dell Client platforms with impacted firmware update utility packages, including BIOS update utilities, Thunderbolt firmware update utilities, TPM firmware update utilities and dock firmware update utilities, are listed in the “Additional Information” section of this advisory.

• This information is split into two tables with Table A listing impacted, supported platforms and Table B listing impacted platforms which have reached end of service life (aka end of support).

Note 2: This vulnerability is in the dbutil_2_3.sys driver which is included with firmware update utility packages. The actual firmware is not impacted by the vulnerability.

 
 
2. Remediation Steps
 Execute the following three steps to remediate this vulnerability:

• 2.1. Determine impacted platforms, products, and components in your environment.
• 2.2. Remove the vulnerable driver from your system.
• 2.3. Obtain an updated, remediated version of the driver .

Details on each step are provided below.  

2.1 Determine impacted platforms, products, and components in your environment

Answer the following questions to determine the impacted platforms, products, and components in your environment. Then, execute the defined actions to remediate your environment.

2.1.1 Are you using a Dell Client platform which has an impacted firmware update utility package?

 If yes, perform the following actions:

• Action 1: Remove the dbutil_2_3.sys driver from your system as described in 2.2.2.
• Action 2: Obtain an updated, remediated version of the driver described in 2.3.  

Note: The specific Dell Client platforms with impacted firmware update utility packages, including BIOS update utilities, Thunderbolt firmware update utilities, TPM firmware update utilities and dock firmware update utilities, are listed in the “Additional Information” section of this advisory.

• This information is split into two tables with Table A listing impacted, supported platforms and Table B listing impacted platform which have reached end of service life (aka end of support).

2.1.2 Are you using:

• Any of the Dell Download Notification solutions including, Dell Command Update, Dell Update, Alienware Update, and Dell SupportAssist for PCs (Home and Business)?
• Dell System Inventory Agent
• Dell Platform Tags
• Dell BIOS Flash Utility

If yes, perform the following actions:

• Action 1: Update to a remediated version of the product or component as described in 2.2.1.
• Action 2: Remove the dbutil_2_3.sys driver from your system as described in 2.2.2.

2.2. Remove the vulnerable driver from your system

Execute the following 2 steps to remove the dbutil_2_3.sys driver from your system, as applicable.

2.2.1 Update to a remediated version of the impacted product or component

If you are using any of the following products or components:

• Any of the Dell Download Notification solutions including, Dell Command Update, Dell Update, Alienware Update, and Dell SupportAssist for PCs (Home and Business)
• Dell System Inventory Agent
• Dell Platform Tags
• Dell BIOS Flash Utility

You must first update to a remediated version of the impacted product or component using respective instructions below. This action will also install an updated remediated version of the driver (DBUtilDrv2.sys).

For Dell Command Update, Dell Update, and Alienware Update:

• Manually update to version 4.2 or greater
  • Visit the Dell Support Drivers and Download site for updates for your platform
    OR
  • If the self-update feature of these components is not enabled on your system, you can:
    • On an internet connected system, open / run the application
    • Click “Check for Updates”.

Note: When using either the “Check for Updates” option above, or when the self-update feature for these components is enabled, components will be updated as needed to prepare for driver removal via the next step (2.2.2), but the version of the component may not be reflected as an updated version.

• Reboot your system.

For Dell SupportAssist for PCs (Home and Business):

• Manually update to the latest available version:
  • Dell SupportAssist for Home PCs version 3.9.2 or greater will include the remediated driver and is expected to be available by June 15, 2021.
  • Dell SupportAssist for Business PCs version 2.4.1 or greater will include the remediated driver.
    OR
  • If the self-update feature of these components is not enabled on your system, you can:
    • On an internet connected system, open / run the application
    • Click “Check for Updates”.

Note: When using either the “Check for Updates” option above, or when the self-update feature for these components is enabled, components will be updated as needed to prepare for driver removal via the next step (2.2.2), but the version of the component may not be reflected as an updated version.

• Reboot your system.

 For Dell System Inventory Agent:

• Synchronize your Microsoft System Center Configuration Manager’s third-party updates feature, or Microsoft System Center Update Publisher (along with Windows Server Updates Services) to the latest Dell-provided catalog. Doing so will update the systems in your enterprise environment with the updated, remediated Dell System (OpenManage) Inventory Agent.
  OR
• Update to version 2.7.0.2 or greater by downloading / applying the latest available update on this page .
• Reboot your system.

For Dell Platform Tags:

• Update to version 4.0.20.0, A04 or greater by downloading / applying the latest available update on this page.
• Reboot your system.

For Dell BIOS Flash Utility:

• Update to version 3.3.11, A07 or greater by downloading / applying the latest available update on this page.
• Reboot your system.

2.2.2 Remove the dbutil_2_3.sys driver from your system

Remove the dbutil_2_3.sys driver from your system using one of the following options:

• Manually download and run a utility to remove the driver from the system (Option A).
• Utilize one of the Dell Download Notification solutions to automatically obtain and run a utility to remove the driver from the system (Option B).
• Manually remove the driver from the system (Option C).

Option A (Recommended):
Manually download and run the Dell Security Advisory Update – DSA-2021-088 utility to remove the dbutil_2_3.sys driver from the system.

Option B:
Use one of the Dell Download Notification solutions, to obtain and run the Dell Security Advisory Update – DSA-2021-088 utility to remove the dbutil_2_3.sys driver from the system.

Scenario 1: If your Dell Download Notification solution is configured to both automatically notify you of updates and apply them, then this utility will be automatically downloaded and run for you.

Scenario 2: If your Dell Download Notification solution is not configured to automatically download and apply updates, obtain and run the utility as follows:

• On an internet connected system, open / run the application
• Click “Check for Updates”.
• Select and apply the option for Dell Security Advisory Update – DSA-2021-088.

Option C:
Manually remove the vulnerable dbutil_2_3.sys driver from the system using the following steps:

1. Check the following locations for the dbutil_2_3.sys driver file:

• C:\Users\<username>\AppData\Local\Temp
• C:\Windows\Temp

2. Select the dbutil_2_3.sys file and hold down the SHIFT key while pressing the DELETE key to permanently delete.

3. From an administrator command prompt, run “sc.exe delete DBUtil_2_3”.

Reference: For information on sc.exe commands, see Microsoft documentation.

2.3 Obtain an updated, remediated version of the driver
Execute the following to obtain an updated driver (DBUtilDrv2.sys) on your system.

Reminder: The updated driver was previously installed for certain products and components as a part of the instructions in Section 2.2.1.

For a Dell Client platform which has an impacted firmware update utility package:

• With your next scheduled firmware update, download and apply the latest available firmware update utility which contains a remediated dbutil driver (DBUtilDrv2.sys). Customers can use one of the Dell Download Notification solutions to receive updated firmware update utility packages, as applicable.
• Reboot your system

Notes:

• For supported platforms running Windows 10, updates are available as of the publishing of this advisory. (See Table A)
• For supported platforms running Windows 7 or 8.1, updates are expected to be available by July 31, 2021. Once the updates are available, this advisory will be updated. If you update your BIOS, Thunderbolt firmware, TPM firmware, or doc firmware prior to the updates being available, you must also execute one of the three options defined in Step 2.2.2 of this section – even if you have previously performed this step – immediately following the update.

 
3. What to know when installing a firmware update using an unremediated firmware update utility package
You should still execute the steps in Sections 2.1 and 2.2 now. However, if you later update your BIOS, Thunderbolt firmware, TPM firmware, or dock firmware, to a version prior to the versions listed in Table A, you must take the following actions after applying the firmware update:

1. Reboot your system.
2. Repeat step 2.2.2 to again remove the dbutil_2_3.sys driver from your system.

4. What to know when using end of service life (aka end of support) platforms, products, or components
Remediated packages will not be provided for end of service life platforms (see Table B). Therefore, you must:

1. Execute the steps in Sections 2.1 and 2.2.
2. After applying any firmware update, including BIOS, Thunderbolt firmware, TPM firmware, or dock firmware:

• Reboot your system.
• Repeat step 2.2.2 to again remove the dbutil_2_3.sys driver from your system.

Ringraziamenti

Dell would like to thank Alex Ionescu, Satoshi Tanda, and Yarden Shafir of CrowdStrike; Enrique Nissim of IOActive; Scott Noone of OSR; and Kasif Dekel of SentinelOne for reporting this issue.
 

Cronologia delle revisioni

Informazioni correlate

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Informazioni aggiuntive

Additional, related information is available in this FAQ.

Table A: Supported Dell platforms impacted firmware update utility packages, including BIOS update utilities, Thunderbolt firmware update utilities, TPM firmware update utilities and dock firmware update utilities.

Note: For platforms running Windows 10: Obtain the version specified in the table, or greater as available, for your BIOS, Thunderbolt Firmware Update, TPM Firmware Update, Dock Firmware Update Version. Once available, the table will be revised to add the updated versions for Windows 7 and 8.1.

Table B: End of Service Life Dell platforms with impacted firmware update utility packages, including BIOS update utilities, Thunderbolt firmware update utilities and TPM firmware update utilities.

Source :
https://www.dell.com/support/kbdoc/it-it/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability?lang=en