Dell driver fix still allows Windows Kernel-level attacks

LASER_oneXM

Feb 4, 2016
In May 2021, a set of five vulnerabilities in Dell computer drivers collectively tracked as CVE-2021-21551 was disclosed and fixed after it remained exploitable for 12 years.

However, Dell's fix wasn't comprehensive enough to prevent additional exploitation, and as security researchers warn now, it is an excellent candidate for future Bring Your Own Vulnerable Driver (BYOVD) attacks.

"We found that Dell's update didn't fix the write-what-where condition but only limited access to administrative users. According to Microsoft's definition of security boundaries, Dell's fix removed the security issue," explains Rapid7 researcher Jake Baines.

"However, the partially fixed driver can still help attackers."

What's BYOVD

BYOVD is the abbreviation for "Bring Your Own Vulnerable Driver," an attack technique in which threat actors install a legitimate but vulnerable driver on a target machine.
This vulnerable driver is then exploited to elevate privileges or execute code on the target system.
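The detection side of the BYOVD pattern described above, as an added example that is not part of the article, Rapid7's research, or any Dell code: a driver brought along by an attacker is typically validly signed, so a signature check alone does not catch it, and the useful signals are the driver's hash (or version) against a list of known-exploitable drivers and the path it was loaded from. The script below scans constructed Sysmon Event ID 6 (DriverLoad) records; the event records, the file paths, the vendor name, and every hash value are made up for the example, and the blocklist is a hypothetical stand-in for a real vulnerable-driver list.

```python
"""Flag suspicious kernel driver loads from Sysmon Event ID 6 (DriverLoad) records."""
from dataclasses import dataclass, field

# Constructed sample events (not real telemetry). Each record is a flattened
# Sysmon DriverLoad event: "Field=Value" pairs separated by "; ". The hashes
# are labelled placeholders, not hashes of any real driver.
SAMPLE_EVENTS = [
    "EventID=6; ImageLoaded=C:\\Windows\\System32\\drivers\\tcpip.sys; "
    "Hashes=SHA256=PLACEHOLDER_HASH_KNOWN_GOOD; Signed=true; "
    "Signature=Microsoft Windows; SignatureStatus=Valid",
    # A validly signed vendor driver with a known kernel write bug, dropped
    # outside the normal driver directory: the BYOVD pattern.
    "EventID=6; ImageLoaded=C:\\Users\\Public\\oldvendor.sys; "
    "Hashes=SHA256=PLACEHOLDER_HASH_VULNERABLE_DRIVER; Signed=true; "
    "Signature=Example Vendor Inc.; SignatureStatus=Valid",
    "EventID=6; ImageLoaded=C:\\Temp\\unsigned.sys; "
    "Hashes=SHA256=PLACEHOLDER_HASH_UNSIGNED; Signed=false; "
    "Signature=-; SignatureStatus=Unavailable",
]

# Hypothetical blocklist of SHA256 hashes of drivers known to be exploitable.
# In practice this is fed from vendor advisories or a maintained vulnerable
# driver blocklist; the value here is a placeholder.
VULNERABLE_DRIVER_HASHES = {"PLACEHOLDER_HASH_VULNERABLE_DRIVER"}

# Directories from which driver loads are expected on a typical host.
TRUSTED_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\",)


@dataclass
class Finding:
    image: str
    reasons: list = field(default_factory=list)


def parse_event(record):
    """Turn 'Field=Value; Field=Value' into a dict (the first '=' splits key and value)."""
    fields = {}
    for part in record.split("; "):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def sha256_of(fields):
    """Extract the SHA256 digest from a Sysmon Hashes field such as 'SHA256=abc,MD5=...'."""
    for item in fields.get("Hashes", "").split(","):
        algo, _, digest = item.partition("=")
        if algo.upper() == "SHA256":
            return digest.upper()
    return ""


def assess_driver_load(fields):
    """Return a Finding for one DriverLoad event, or None if nothing stands out."""
    if fields.get("EventID") != "6":
        return None
    image = fields.get("ImageLoaded", "")
    reasons = []
    # 1. Known-vulnerable driver: its signature is valid, so only the hash
    #    (or the driver's version) identifies it. This is the BYOVD case.
    if sha256_of(fields) in VULNERABLE_DRIVER_HASHES:
        reasons.append("hash matches known-vulnerable driver")
    # 2. Loaded from outside the normal driver directory.
    if not image.lower().startswith(TRUSTED_DRIVER_DIRS):
        reasons.append("loaded from unusual path")
    # 3. Not validly signed: should not load with signature enforcement on,
    #    but worth flagging if it does.
    if fields.get("Signed", "").lower() != "true" or fields.get("SignatureStatus") != "Valid":
        reasons.append("not validly signed")
    return Finding(image, reasons) if reasons else None


def detect_driver_loads(records):
    """Run the assessment over a list of flattened DriverLoad records."""
    findings = []
    for record in records:
        finding = assess_driver_load(parse_event(record))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in detect_driver_loads(SAMPLE_EVENTS):
        print(f"{f.image}: {', '.join(f.reasons)}")
```

The hash rule is the one that matters for a partially fixed driver like the one discussed here: the updated binary is still signed and still loads, so a detection that trusts the signature sees nothing, while a hash or version check against a vulnerable-driver list still fires.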