An Interest In:
Web News this Week
- April 19, 2024
- April 18, 2024
- April 17, 2024
- April 16, 2024
- April 15, 2024
- April 14, 2024
- April 13, 2024
Some of Our Sources
- The Logo Smith
- Naldz Graphics
- Fudge Graphics
- Web Design Ledger
- Reencoded
- 24 Ways
- Design Modo
- Daily Now
- Dev To
- TechPowerUp
Help Webnuz
Referal links:
May 5, 2021 05:04 pm GMT
SentinelLabs chronicled its findings in CVE-2021-21551, which details five individual flaws. Two of these point out flaws that can escalate user privileges through controlled memory corruption, two with lack of input validation; and one with denial of service. Organizations that have remote updates enabled for their client machines are at risk, since the flaw can be exploited over network. "An attacker with access to an organization's network may also gain access to execute code on unpatched Dell systems and use this vulnerability to gain local elevation of privilege. Attackers can then leverage other techniques to pivot to the broader network, like lateral movement," writes SentielLabs in its paper.
Original Link: https://www.techpowerup.com/281799/hundreds-of-millions-of-dell-laptops-and-desktops-vulnerable-to-privilege-escalation-attacks
Hundreds of Millions of Dell Laptops and Desktops Vulnerable to Privilege Escalation Attacks
Dell notebooks and desktops dating all the way back since 2009hundreds of millions of them the PC giant has shipped sinceare vulnerable to unauthorized privilege escalation attacks, due to a faulty OEM driver the company uses to update the computer's BIOS or UEFI firmware, according to findings by cybersecurity researchers at SentinelLabs. "DBUtil," a driver that Dell machines load during automated or unattended BIOS/UEFI update processes initiated by the user from within the OS, is found to have vulnerabilities that malware can exploit to "escalate privileges from a non-administrator user to kernel mode privileges."SentinelLabs chronicled its findings in CVE-2021-21551, which details five individual flaws. Two of these point out flaws that can escalate user privileges through controlled memory corruption, two with lack of input validation; and one with denial of service. Organizations that have remote updates enabled for their client machines are at risk, since the flaw can be exploited over network. "An attacker with access to an organization's network may also gain access to execute code on unpatched Dell systems and use this vulnerability to gain local elevation of privilege. Attackers can then leverage other techniques to pivot to the broader network, like lateral movement," writes SentielLabs in its paper.
Original Link: https://www.techpowerup.com/281799/hundreds-of-millions-of-dell-laptops-and-desktops-vulnerable-to-privilege-escalation-attacks
Share this article:
Tweet
View Full Article
Leading tech publication