Extreme vulnerabilities in Dell firmware replace driver discovered and stuck

A computer screen filled with numbers is interrupted by a rudimentary image of a padlock.

Enlarge / Not less than three corporations have reported the dbutil_2_3.sys safety issues to Dell over the previous two years. (credit score: Blogtrepreneur / Flickr)

Yesterday, infosec analysis agency SentinelLabs revealed 12-year-old flaws in Dell’s firmware updater, DBUtil 2.3. The susceptible firmware updater has been put in by default on a whole lot of hundreds of thousands of Dell programs since 2009.

The 5 high-severity flaws SentinelLabs found and reported to Dell lurk within the dbutil_2_3.sys module, and so they have been rounded up below a single CVE monitoring quantity, CVE-2021-21551. There are two memory-corruption points and two lack of enter validation points, all of which might result in native privilege escalation and a code logic subject which might result in a denial of service.

A hypothetical attacker abusing these vulnerabilities can escalate the privileges of one other course of or bypass safety controls to put in writing on to system storage. This provides a number of routes to the last word purpose of native kernel-level entry—a step even increased than Administrator or “root” entry—to the complete system.

Learn Three remaining paragraphs | Feedback

Tagged : / / / / / /

The looming software program kill-switch lurking in getting old PlayStation {hardware}

These consoles could eventually be large paperweights if Sony doesn't fix a problem looming in their firmware.

Enlarge / These consoles may ultimately be giant paperweights if Sony does not repair an issue looming of their firmware.

Until one thing adjustments, a difficulty lurking in older PlayStations’ inside timing methods threatens to ultimately make each PS4 sport and all downloaded PS3 video games unplayable on present {hardware}. Proper now, it isn’t a matter of if however when this downside will happen.

This ticking firmware time bomb has been identified in sure PlayStation preservation and hacking circles for some time. But it surely’s gaining new consideration amid Sony’s just lately introduced resolution to close down the web shops for PS3, PSP, and Vita software program. Whereas that impending retailer shutdown will not impression gamers’ talents to play and re-download beforehand bought software program for now, the eventual wider shutdown of PSN servers for these getting old consoles may have a way more drastic impact on the playability of a large swath of video games.

What’s the issue?

The basis of the approaching subject has to do with the CMOS battery inside each PS3 and PS4, which the methods use to maintain monitor of the present time (even after they’re unplugged). If that battery dies or is eliminated for any cause, it raises an inside flag within the system’s firmware indicating the clock could also be out of sync with actuality.

Learn 6 remaining paragraphs | Feedback

Tagged : / / / / / / / /