Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs

Five high-severity security flaws in Dell’s firmware update driver are impacting potentially hundreds of millions of Dell desktops, laptops, notebooks and tablets, researchers said.

The bugs have gone undisclosed for 12 years, and could allow the ability to bypass security products, execute code and pivot to other parts of the network for lateral movement, according to SentinelLabs.

The multiple local privilege-escalation (LPE) bugs exist in the firmware update driver version 2.3 (dbutil_2_3.sys) module, which has been in use since 2009. The driver component handles Dell firmware updates via the Dell BIOS Utility, and it comes pre-installed on most Dell machines running Windows.

Read more…
Source: ThreatPost