Security Alert (A21-05-04): Vulnerability in Dell products
05 May 2021
Dell has released a security advisory update to fix an insufficient access control vulnerability in the Dell dbutil driver. A local authenticated attacker could execute a specially crafted code to exploit the vulnerability.
Dell Windows operating system using firmware update utility package, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, Dell Platform Tags, or Dell notification solution.
A successful attack could lead to escalation of privileges, denial of service, or information disclosure on an affected system.
The product vendor has released a utility to remove the vulnerable dbutil driver from the affected system. Users and system administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. The utility are available at:
To prevent reintroduction of a vulnerable dbutil driver, users of affected systems should also obtain and run the latest firmware update utility package, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags as applicable.