DSA-2021-152: Dell Client Platform Security Update for an Insufficient Access Control Vulnerability in the Dell DBUtilDrv2.sys Driver

Proprietary Code CVE	Description	CVSS Base Score	CVSS Vector String
CVE-2021-36276	Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.	8.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

The vulnerability described in the above table exists in versions 2.5 and 2.6 of the DBUtilDrv2.sys driver. This driver may have been installed on the Windows operating system of your Dell Client platform by one or more impacted products or components.

Refer to the “Affected Products and Remediation” section of this advisory for details regarding:

• The list of impacted platforms, products, and components
• The remediation steps including:
  • How to remove the vulnerable driver from your system.
  • How to obtain an updated, remediated version of the driver. 
• What to know when using end of service life (aka end of support) platforms, products, or components

Additional, related information is available in this FAQ

This section includes the following subsections:

1. Affected platforms, products, and components.
2. Remediation Steps:
   1. Determine impacted platforms, products, and components in your environment.
   2. Remove the vulnerable driver from your system.
   3. Obtain an updated, remediated version of the driver.
3. What to know when installing a firmware update using an unremediated firmware update utility package.
4. What to know when using end of service life (aka end of support) platforms, products, or components.

 
1. Affected platforms, products, and components
The vulnerable driver (DBUtilDrv2.sys versions 2.5 and 2.6) may have been installed on to the Windows operating system of your Dell Client platform by one or more of the following products or components:

• Impacted firmware update utility packages, including BIOS update utilities, Thunderbolt firmware update utilities, TPM firmware update utilities, and dock firmware update utilities (see Note 1 and Note 2 below).
• Any of the Dell Download Notification solutions, including Dell Command Update, Dell Update, Alienware Update, and Dell SupportAssist for PCs (Home and Business).
• Dell System Inventory Agent
• Dell Platform Tags
• Dell BIOS Flash Utility

• This information is split into two tables with Table A listing impacted, supported platforms and Table B listing impacted platforms which have reached end of service life (aka end of support).

 
2. Remediation Steps
Execute the following three steps to remediate this vulnerability:

• 2.1. Determine impacted platforms, products, and components in your environment.
• 2.2. Remove the vulnerable driver from your system.
• 2.3. Obtain an updated, remediated version of the driver.

Details on each step are provided below.  

• Action 1: Remove version 2.5 or 2.6 of the DBUtilDrv2.sys  driver from your system as described in 2.2.2.
• Action 2: Obtain an updated, remediated version of the driver described in 2.3.  

• This information is split into two tables with Table A listing impacted, supported platforms and Table B listing impacted platform which have reached end of service life (aka end of support).

• Any of the Dell Download Notification solutions including, Dell Command Update, Dell Update, Alienware Update, and Dell SupportAssist for PCs (Home and Business)?
• Dell System Inventory Agent
• Dell Platform Tags
• Dell BIOS Flash Utility

• Action 1: Update to a remediated version of the product or component as described in 2.2.1.
• Action 2: Remove version 2.5 or 2.6 of the DBUtilDrv2.sys  driver from your system as described in 2.2.2.

• Any of the Dell Download Notification solutions including, Dell Command Update, Dell Update, Alienware Update, and Dell SupportAssist for PCs (Home and Business)
• Dell System Inventory Agent
• Dell Platform Tags
• Dell BIOS Flash Utility

• Manually update to version 4.2.1 or greater
  • Visit the Dell Support Drivers and Download site for updates for your platform
    OR
  • If the self-update feature of these components is not enabled on your system, you can:
    • On an internet connected system, open / run the application
    • Click “Check for Updates”.

• Reboot your system.

• Manually update to the latest available version:
  • Dell SupportAssist for Home PCs version 3.10 or greater includes the remediated driver.
  • Dell SupportAssist for Business PCs version 3.0 or greater includes the remediated driver.
    OR
  • If the self-update feature of these components is not enabled on your system, you can:
    • On an internet connected system, open / run the application
    • Click “Check for Updates”.

• Reboot your system.

• Synchronize your Microsoft System Center Configuration Manager’s third-party updates feature, or Microsoft System Center Update Publisher (along with Windows Server Updates Services) to the latest Dell-provided catalog. Doing so will update the systems in your enterprise environment with the updated, remediated Dell System (OpenManage) Inventory Agent.

• Update to version 2.7.0.2 or greater by downloading / applying the latest available update on this page .
• Reboot your system.

• Update to version 4.0.34.0 or greater by downloading / applying the latest available update on this page.
• Reboot your system.

• Update to version 3.3.13, A08 or greater by downloading / applying the latest available update on this page.
• Reboot your system.

• Manually download and run a utility to remove the driver from the system (Option A).
• Utilize one of the Dell Download Notification solutions to automatically obtain and run a utility to remove the driver from the system (Option B).
• Manually remove the driver from the system (Option C).

• On an internet connected system, open / run the application
• Click “Check for Updates”.
• Select and apply the option for “DBUtil Removal Utility”.

• If the driver is in use during uninstall, please follow the Windows Device Manager prompts to complete the uninstall process.
• Associated driver files will be auto-deleted as part of the driver uninstall process from Windows Device Manager. However, the version 2.5 DBUtilDrv2.sys  driver files may remain on the system. Customers can follow below instructions to check and delete (if needed):

• dbutildrv2.cat
• DBUtilDrv2.inf
• DBUtilDrv2.sys

• With your next scheduled firmware update, download and apply the latest available firmware update utility which contains a remediated DBUtilDrv2.sys driver. Customers can use one of the Dell Download Notification solutions to receive updated firmware update utility packages, as applicable.
• Reboot your system

• If you update your BIOS, Thunderbolt firmware, TPM firmware, or dock firmware prior to the updates being available, you must also execute one of the three options defined in Step 2.2.2 of this section – even if you have previously performed this step – immediately following the update.

 
3. What to know when installing a firmware update using an unremediated firmware update utility package
You should still execute the steps in Sections 2.1 and 2.2 now. However, if you later update your BIOS, Thunderbolt firmware, TPM firmware, or dock firmware, to a version prior to the versions listed in Table A, you must take the following actions after applying the firmware update:

1. Reboot your system.
2. Repeat step 2.2.2 to again remove version 2.5 or 2.6 of the DBUtilDrv2.sys driver from your system.

4. What to know when using end of service life (aka end of support) platforms, products, or components
Remediated packages will not be provided for end of service life platforms (see Table B). Therefore, you must:

1. Execute the steps in Sections 2.1 and 2.2.
2. After applying any firmware update, including BIOS, Thunderbolt firmware, TPM firmware, or dock firmware:

• Reboot your system.
• Repeat step 2.2.2 to again remove version 2.5 or 2.6 of the DBUtilDrv2.sys driver from your system.