How to cope with the Critical Security Risk (CVE-2021-21551) for Hundreds of Millions of Dell computers since 2009 year

Dear all,

A critical security vulnerability in the “dbutil_2_3.sys” file, a driver for DELL computers, has been making headlines.

• CVE-2021-21551- Hundreds Of Millions Of Dell Computers At Risk Due to Multiple BIOS Driver Privilege Escalation Flaws

DELL has also officially acknowledged the problem and has started to release tools to fix it.

• DSA-2021-088: Dell Client Platform Security Update for an Insufficient Access Control Vulnerability in the Dell dbutil Driver (DELL)

For those who have a DELL device, please carry out one of the following solutions.

Solution 1: Use a removal tool to delete the files (recommended)

• Dell Security Advisory Update – DSA-2021-088

Download the software from above and run (open) it.

As shown in the figure below, the file DBUtil_2_3.sys containing the vulnerability may not be found (not covered).

Solution 2: Delete the problem file (dbutil_2_3.sys) manually.

• C:\Users\<username>\ AppData (Hidden folder)\Local\Temp
• C:\Windows\Temp

Find and delete dbutil_2_3.sys from the above folder.
It may not exist.

Solution 3: Always be up-to-date via notification apps.

https://www.dell.com/support/contents/en-us/article/product-support/self-support-knowledgebase/software-and-downloads/download-center/drivers-and-downloads/notifications

You can install Dell SupportAssistant software from the above site to make sure your device’s Dell drivers and system are up to date. You can find detailed instructions on how to do this at the above site.

11th May, 2021