Ancient update driver endangers hundreds of millions of Dell computers – iTnews

A vulnerable driver for firmware updates that has shipped with hundreds of millions of Dell desktops, laptops, notebooks and tablets could be abused by attackers to gain kernel-mode privileges for code and should be patched urgently.
SentinelOne researcher Kasif Dekel analysed the dbutil_2_3.sys driver for Windows which has shipped with Dell machines since 2009, and discovered five different flaws.
Four of them allow local privilege escalation through memory corruption and no input validation.
A…

Click here to view the original article.