[HN Gopher] Dell patches 12-year-old driver vulnerability impact...
___________________________________________________________________
Dell patches 12-year-old driver vulnerability impacting millions of
PCs
Author : giuliomagnifico
Score : 114 points
Date : 2021-05-04 15:10 UTC (7 hours ago)
(HTM) web link (labs.sentinelone.com)
(TXT) w3m dump (labs.sentinelone.com)
| 45ure wrote:
| I read this CVE with some interest, to see if it provides a
| solution to a frustrating problem, involving a Latitude 5300
| (2-in-1). The problem: once the device is fully charged and
| subsequently shut down, it rapidly drains the battery to around
| 80% within a few hours - at which point it retains the remaining
| charge. The problem is less pronounced, when it is put into sleep
| mode.
|
| I have been through numerous suggestions and permutations; 'hard'
| shutdown by holding the power button for varying durations, BIOS
| updates, OS updates (W10 latest build/version/updates/drivers),
| manufacturer specific driver updates, fresh rebuilds, tweaking
| power, wake, idle, throttle settings for CPU, network adapters (via
| BIOS and OS), date/time anomalies, turning off
| Modern/Connected-Standby, Registry hacks etc. Furthermore, I have contemplated
| using Wireshark and other tools to diagnose the problem, but that
| would require a significant chunk of my time troubleshooting a
| device, which I expect to work, out of the box. I resent the
| fact, that no explanation or a solution is forthcoming from Dell,
| which is a matter of concern.
|
| The post below describes my conundrum, fairly accurately.
|
| https://www.dell.com/community/Latitude/Latitude-7400-batter...
| anonymousiam wrote:
| I have always used the DOS/FreeDOS method to update my Dell
| firmware. Seems silly to let an insecure OS such as Windows have
| write access to the BIOS. It would provide an easy path to the
| holy grail of malware persistence.
| secondcoming wrote:
| Every time I've updated the BIOS on my Dell laptop it's been
| done on the next boot, before Windows starts.
| orev wrote:
| The update process that runs in the OS would need to use the
| driver at issue here to write the new firmware into flash at
| some staging location. After that is done, then you reboot,
| and the chips see there's a staged update and apply it.
| dr-detroit wrote:
| Imagine working at a company.
| naikrovek wrote:
| i find it crazy that you think DOS is secure when compared to
| windows. or anything else, really.
| vetinari wrote:
| Neither FreeDOS nor Windows has direct write access to the
| BIOS. They use the UEFI capsule mechanism (i.e. let UEFI update
| itself on the next reboot).
| darig wrote:
| Dude!
| lgats wrote:
| https://cve.report/CVE-2021-21551
| excalibur wrote:
| > This bug is nothing out of the ordinary.
|
| In summation
| dang wrote:
| We've changed the URL from
| https://therecord.media/dell-patches-12-year-old-driver-vuln...,
| which points to this.
|
| From the guidelines: "_Please submit the original source. If a
| post reports on something found on another site, submit the
| latter._"
|
| https://news.ycombinator.com/newsguidelines.html
| giuliomagnifico wrote:
| Okay thanks!
| anonymousiam wrote:
| Seems to be an optional package. It's not on any of my Dell
| hardware. Not the sort of thing a security-conscious person would
| willingly install anyway.
| martey wrote:
| From the security company's report at
| https://labs.sentinelone.com/cve-2021-21551-hundreds-of-mill...:
|
| > _The firmware update driver component, which is responsible
| for Dell Firmware Updates via the Dell Bios Utility, comes
| pre-installed on most Dell machines running Windows and freshly
| installed Windows machines that have been updated._
|
| Dell's security advisory page
| (https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-...)
| suggests that it would be installed if you installed any of a
| number of their update programs:
|
| > _This driver file may have been installed on your Dell
| Windows operating system when you used firmware update utility
| packages, Dell Command Update, Dell Update, Alienware Update,
| Dell System Inventory Agent, or Dell Platform Tags, including
| when using any Dell notification solution to update drivers,
| BIOS, or firmware for your system._
| dang wrote:
| Ok, we've changed the URL at the top to that one, from
| https://therecord.media/dell-patches-12-year-old-driver-vuln...,
| which points to it. Thanks!
| greenyoda wrote:
| The "Process Hacker" tool that this article refers to seems
| quite useful. It can be found here:
| https://processhacker.sourceforge.io (free GPL software)
| annoyingnoob wrote:
| When you manage a number of Dell computers, the Dell Update
| package is helpful. Dell Update will alert you when there are
| updates available. Not so different than Windows Update.
| Keeping up to date with drivers and firmware is a
| security-conscious thing to do.
|
| I don't use any of the other Dell software/packages but I find
| Update helpful.
| DeusExMachina wrote:
| It's not clear from the article, but my reading is that while the
| bug was introduced 12 years ago, it was discovered and fixed only
| now.
|
| Which is different from knowing about it but ignoring it for 12
| years.
| antibuddy wrote:
| I'd infer from the CVE naming (CVE-2021-21551) that it was
| discovered this year.
___________________________________________________________________
(page generated 2021-05-04 23:00 UTC)