This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

→ 🚀What's New? Join Us for the Fall Product Launch! Register Now !

Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Dell Client Vulnerability DSA-2021-088

Go to solution
ucorreia
Engaged Sweeper

‎05-05-2021 08:22 PM

Any way to query affected computer by the new DELL Vulnerability?

https://www.dell.com/support/kbdoc/en-ca/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability
Labels:
0 Kudos
1 ACCEPTED SOLUTION
Go to solution
kjstech
Engaged Sweeper III

‎05-05-2021 08:39 PM

ucorreia wrote:
Any way to query affected computer by the new DELL Vulnerability?

https://www.dell.com/support/kbdoc/en-ca/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability


We setup a custom file scan in Lansweeper to at least give an overview of which systems have the file on it...
%windir%\Temp\dbutil_2_3.sys

Dell claims it may also be in %userprofile%\AppData\Local\Temp\dbutil_2_3.sys as well but I have yet to see it there. Its always in Windows\temp in our environment.

Then from there you can extract the dell files to an accessable share and run psexec against a list of computers \\domain\dfs\share\DBUtilRemovalTool.exe /s for example.

View solution in original post

2 REPLIES 2
Go to solution
kjstech
Engaged Sweeper III

‎05-05-2021 08:39 PM

ucorreia wrote:
Any way to query affected computer by the new DELL Vulnerability?

https://www.dell.com/support/kbdoc/en-ca/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability


We setup a custom file scan in Lansweeper to at least give an overview of which systems have the file on it...
%windir%\Temp\dbutil_2_3.sys

Dell claims it may also be in %userprofile%\AppData\Local\Temp\dbutil_2_3.sys as well but I have yet to see it there. Its always in Windows\temp in our environment.

Then from there you can extract the dell files to an accessable share and run psexec against a list of computers \\domain\dfs\share\DBUtilRemovalTool.exe /s for example.
Go to solution
looktall
Engaged Sweeper III
In response to kjstech

‎10-06-2021 10:02 AM

kjstech wrote:
ucorreia wrote:
Any way to query affected computer by the new DELL Vulnerability?

https://www.dell.com/support/kbdoc/en-ca/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability


We setup a custom file scan in Lansweeper to at least give an overview of which systems have the file on it...
%windir%\Temp\dbutil_2_3.sys

Dell claims it may also be in %userprofile%\AppData\Local\Temp\dbutil_2_3.sys as well but I have yet to see it there. Its always in Windows\temp in our environment.

Then from there you can extract the dell files to an accessable share and run psexec against a list of computers \\domain\dfs\share\DBUtilRemovalTool.exe /s for example.


That's similar to what i did.

I configured a custom file scan for the dbutil sys file.

Then i created a report based on the custom file scan to locate the affected devices.

Then I then created a deployment for the DBUtilremoval tool.
Step 1 of the deployment checks for a log file, step two runs the removal tool and creates a log file on the local machine once complete.

I then created a scheduled deployment to target devices in the report as they are scanned.

The end result is any computer that has the vulnerability automatically has it removed (provided it stays online long enough to be scanned and then have the deployment tool run).


Ultimately though the fix is to update the bios.
0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now