cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ucorreia
Engaged Sweeper
Any way to query affected computer by the new DELL Vulnerability?

https://www.dell.com/support/kbdoc/en-ca/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability
1 ACCEPTED SOLUTION
kjstech
Engaged Sweeper III
ucorreia wrote:
Any way to query affected computer by the new DELL Vulnerability?

https://www.dell.com/support/kbdoc/en-ca/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability


We setup a custom file scan in Lansweeper to at least give an overview of which systems have the file on it...
%windir%\Temp\dbutil_2_3.sys

Dell claims it may also be in %userprofile%\AppData\Local\Temp\dbutil_2_3.sys as well but I have yet to see it there. Its always in Windows\temp in our environment.

Then from there you can extract the dell files to an accessable share and run psexec against a list of computers \\domain\dfs\share\DBUtilRemovalTool.exe /s for example.

View solution in original post

2 REPLIES 2
kjstech
Engaged Sweeper III
ucorreia wrote:
Any way to query affected computer by the new DELL Vulnerability?

https://www.dell.com/support/kbdoc/en-ca/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability


We setup a custom file scan in Lansweeper to at least give an overview of which systems have the file on it...
%windir%\Temp\dbutil_2_3.sys

Dell claims it may also be in %userprofile%\AppData\Local\Temp\dbutil_2_3.sys as well but I have yet to see it there. Its always in Windows\temp in our environment.

Then from there you can extract the dell files to an accessable share and run psexec against a list of computers \\domain\dfs\share\DBUtilRemovalTool.exe /s for example.
looktall
Engaged Sweeper III
kjstech wrote:
ucorreia wrote:
Any way to query affected computer by the new DELL Vulnerability?

https://www.dell.com/support/kbdoc/en-ca/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability


We setup a custom file scan in Lansweeper to at least give an overview of which systems have the file on it...
%windir%\Temp\dbutil_2_3.sys

Dell claims it may also be in %userprofile%\AppData\Local\Temp\dbutil_2_3.sys as well but I have yet to see it there. Its always in Windows\temp in our environment.

Then from there you can extract the dell files to an accessable share and run psexec against a list of computers \\domain\dfs\share\DBUtilRemovalTool.exe /s for example.


That's similar to what i did.

I configured a custom file scan for the dbutil sys file.

Then i created a report based on the custom file scan to locate the affected devices.

Then I then created a deployment for the DBUtilremoval tool.
Step 1 of the deployment checks for a log file, step two runs the removal tool and creates a log file on the local machine once complete.

I then created a scheduled deployment to target devices in the report as they are scanned.

The end result is any computer that has the vulnerability automatically has it removed (provided it stays online long enough to be scanned and then have the deployment tool run).


Ultimately though the fix is to update the bios.