Post thumbnail

CYOPS IMPORTANT SECURITY UPDATE

As part of our ongoing threat intelligence efforts to discover emerging threats and vulnerabilities, the CyOps team would like to bring a new risk to your attention. The risk is associated with a vulnerable file from Dell “dbutil_2_3.sys” along with 5 newly discovered vulnerabilities related to the file, a Dell driver that Dell machines install and load during the BIOS update process that is unloaded at the next reboot.

The vulnerabilities are collectively assigned to CVE-2021-21551:

CVE-2021-21551 Local Elevation of Privileges Memory corruption
CVE-2021-21551 Local Elevation of Privileges Memory corruption
CVE-2021-21551 Local Elevation of Privileges Lack of input validation
CVE-2021-21551 Local Elevation of Privileges Lack of input validation
CVE-2021-21551 Denial of Service Code logic issue

These types of vulnerabilities are not considered critical since an attacker exploiting them needs to have previously compromised the computer. However, when successful, it allows attackers to gain persistence on infected hosts.

Following Dell’s Instructions, below is a summary of steps to mitigate these vulnerabilities:

Cynet provides full visibility on Dell “.sys” drivers and enables security and IT personnel to remotely mitigate the vulnerability and delete the file via Cynet360 Console.

The following easy steps will assist in this task:

Figure 01: Enable the threat hunting module via the scan group settings

Figure 02: Using the threat hunting module to create a policy with the “dbutil_2_3.sys” value

Figure 03: An alert will be triggered upon detection by the threat hunting policy

Figure 04: Create an Auto-Remediation rule to delete the vulnerable driver.

As always, we are available for any question or concerns and any time further assistance is required.

Contact Cynet CyOps
(Cynet Security Operations Center)

The Cynet CyOps team is available 24×7 to clients for any issues, questions or comments related to Cynet 360. For additional information, you may contact us directly at:

Email:

CyOps Mailbox – [email protected]

CyOps Team Leader – [email protected]

CyOps Manager – [email protected]com

Phone:

Israel +972 72-3369736

UK +44 2032 909051

US +1 (347) 474-0048