Dell driver fix still allows Windows Kernel-level attacks


Feb 4, 2016
In May 2021, a set of five vulnerabilities in Dell computer drivers collectively tracked as CVE-2021-21551 was disclosed and fixed after it remained exploitable for 12 years.

However, Dell's fix wasn't comprehensive enough to prevent additional exploitation, and as security researchers warn now, it is an excellent candidate for future Bring Your Own Vulnerable Driver (BYOVD) attacks.

"We found that Dell's update didn't fix the write-what-where condition but only limited access to administrative users. According to Microsoft's definition of security boundaries, Dell's fix removed the security issue," explains Rapid7 researcher Jake Baines.

"However, the partially fixed driver can still help attackers."

What's BYOVD

BYOVD is the abbreviation for "Bring Your Own Vulnerable Driver," an attack technique in which threat actors install a legitimate but vulnerable driver on a target machine. This vulnerable driver is then exploited to elevate privileges or execute code on the target system.
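Because the driver in a BYOVD attack is a legitimately signed binary, a defender cannot rely on signature checks alone; the practical control is knowing which drivers are loaded and comparing them against a list of known-abusable ones. The following PowerShell script is an added example for that hunt and is not code from the article or from Rapid7; the blocklist entry is a constructed placeholder, and the hash of the Dell driver discussed above is not given on this page.

```powershell
# Added example (not from the article): enumerate running kernel drivers on a
# Windows host, hash them, and flag any that appear on a blocklist of drivers
# known to be abusable in BYOVD attacks. The blocklist below is a placeholder;
# a real one holds SHA-256 hashes of specific vulnerable driver builds.
$Blocklist = @{
    'PLACEHOLDER_SHA256_OF_KNOWN_VULNERABLE_DRIVER' = 'placeholder entry (replace with a real hash)'
}

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver reports paths in several kernel-style forms; normalise them.
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return [Environment]::ExpandEnvironmentVariables($p)
}

function Get-LoadedDriverReport {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            if (-not (Test-Path -LiteralPath $path)) { return }
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $sig  = Get-AuthenticodeSignature -LiteralPath $path
            [PSCustomObject]@{
                Name        = $_.Name
                Path        = $path
                Sha256      = $hash
                Signer      = $sig.SignerCertificate.Subject
                SigStatus   = $sig.Status
                Blocklisted = $Blocklist.ContainsKey($hash)
            }
        }
}

# Report anything blocklisted, plus drivers whose signature does not validate.
Get-LoadedDriverReport |
    Where-Object { $_.Blocklisted -or $_.SigStatus -ne 'Valid' } |
    Format-Table Name, Signer, SigStatus, Blocklisted, Path -AutoSize
```

Run it from an elevated prompt so every driver file is readable. Note that a driver with `SigStatus` equal to `Valid` can still be the one an attacker brought along, which is exactly why the hash blocklist, not the signature result, is the field that matters for this technique.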