Unsolved
2 Posts
0
315
MECM - Dell Third Party Software Update Catalog Re-introduces CVE-2021-21551
Bit of a heads up really,
We just re-enabled Dells TPU in MECM after about a year hiatus, it's brought in "Dell OpenManage Inventory Agent(for Dell Business Client Systems), 2.3.0.0" (from 22/01/2021) and this installs DBUtil_2_3.sys (C:\WINDOWS\TEMP\DBUtil_2_3.Sys) which is a security vulnerability as per https://www.dell.com/support/kbdoc/en-au/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability
If anyone has this version of the inventory agent, you might want to mitigate the security vulnerability from a year ago. I've submitted a job to Dell requesting they replace & supersede this version of the agent in the catalogue.