How do I inventory dbutil_2_3.sys to identify a Dell Vulnerability


Article ID: 214393


Products

Inventory Solution, IT Management Suite, Client Management Suite, Management Platform (Formerly known as Notification Server)

Issue/Introduction

This custom inventory example will find all instances of dbutil_2_3.sys as noted below. 

A driver (dbutil_2_3.sys) packaged with Dell Client firmware update utility packages and software tools contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is first required before this vulnerability can be exploited.

For more information, see the Dell article "Additional Information Regarding DSA-2021-088: Dell Client Platform Security Update for an Insufficient Access Control Vulnerability in the Dell dbutil Driver"

CVE-2021-21551 - Dell's BIOS Driver Privilege Escalation Flaws

Resolution

  1. Create a new custom data class that will store the file information for each computer.
    1. Go to Settings>All Settings then Settings>Discovery and Inventory>Inventory Solution>Manage Custom Data Classes.
    2. Click New data class.
    3. Name the data class something appropriate and click OK. Use this exact data class name later in the custom inventory script.
    4. Click Add attribute.
    5. Name the attribute "ComputerName", set Key to "No", and click OK.
    6. Add another attribute the same way named "Location".
    7. Add another attribute the same way named "InventoryDate".
    8. Click Save Changes.
    9. Go to Settings>All Settings>Discovery and Inventory>Manage Custom Data Classes. In the middle panel, highlight the custom data class created in step 1 above and click on the icon. The Data Class Details dialog box will pop up. Copy the Table Name and the GUID to a text file.
  2. Create a Custom Inventory Script Task.
    1. Go to Manage>Jobs and Tasks.
    2. Browse the folder drop-down menu to where you would like to add a custom inventory script task.
    3. Right-click on the folder, then select New>Task.
    4. Select the Run Script task.
    5. Name the task appropriately.
    6. Select Script type: VBScript.
    7. Copy and paste the entire VBScript below into the large text box of the script task. Then edit the script to use the custom data class created in step 1.3, and the full path and name of the desired file.

'********************************************************************************
' Custom inventory VBScript to scan for files anywhere by name
' For additional values see CIM_DataFile info: https://msdn.microsoft.com/en-us/library/aa387236(v=vs.85).aspx
'********************************************************************************
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\root\cimv2")
Set wshShell = WScript.CreateObject("WScript.Shell")
ComputerName = wshShell.ExpandEnvironmentStrings("%COMPUTERNAME%")

' Create the Notification Server event (NSE) that carries the inventory rows
Dim nse
Set nse = WScript.CreateObject("Altiris.AeXNSEvent")
nse.To = "{1592B913-72F3-4C36-91D2-D4EDA21D2F96}" ' Don't modify this GUID
nse.Priority = 1

' Custom data class GUID goes here
Set objDCInstance = nse.AddDataClass("{Paste GUID you copied from step 1.9 above HERE}")
Set objDataClass = nse.AddDataBlock(objDCInstance)

' CIM_DataFile.FileName is the file name without its extension
Set objCIMObj = objWMIService.ExecQuery("SELECT Name FROM CIM_DataFile WHERE FileName = 'dbutil_2_3'")
count = 0
For Each objInfo In objCIMObj
  count = 1
  ' One row per file found. Field order must match the three attributes of the
  ' data class: 0 = ComputerName, 1 = Location, 2 = InventoryDate
  Set objDataRow = objDataClass.AddRow
  objDataRow.SetField 0, CStr(ComputerName)
  objDataRow.SetField 1, objInfo.Name ' Full path of the file
  objDataRow.SetField 2, CStr(Now)
Next
If (count = 0) Then
  ' No match: still send a row so the computer reports "Not Found"
  Set objDataRow = objDataClass.AddRow
  objDataRow.SetField 0, CStr(ComputerName)
  objDataRow.SetField 1, "Not Found"
  objDataRow.SetField 2, CStr(Now)
End If
nse.Send ' Send the NSE data to the NS server
'MsgBox nse.Xml 'Uncomment for testing on local machine

 

Note:
If you'd rather use a PowerShell script, please find it attached.

 

After you have created the custom data class and the custom inventory script task has run on your client machines, you can create a Report to review the information collected. You can use the following example query for your report:

-- Replace the placeholder with the Table Name you copied in step 1.9 above
select dc.[ComputerName], dc.[Location], dc.[InventoryDate]
from [Paste Table Name you copied from step 1.9 above HERE] dc
left join vComputer on vComputer.Guid = dc.[_ResourceGuid]
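
An added example, not part of the original article: a triage report that starts from vComputer, so computers that have not yet returned the custom inventory are listed alongside those reporting the driver present or "Not Found". The placeholder <CustomDataClassTable> stands for the Table Name copied from the Data Class Details dialog; the vComputer.[Name] column and the status labels are assumptions of this example.

```sql
-- Added example (not from the original article).
-- Assumption: <CustomDataClassTable> is a placeholder for the Table Name
-- copied from the Data Class Details dialog; vComputer.[Name] is assumed
-- to hold the computer name.
SELECT vc.[Name]           AS [Computer],
       CASE
           WHEN dc.[_ResourceGuid] IS NULL  THEN 'No inventory received'
           WHEN dc.[Location] = 'Not Found' THEN 'Driver not found'
           ELSE 'Driver present'
       END                 AS [Status],
       dc.[Location],       -- full path of each dbutil_2_3 file found
       dc.[InventoryDate]
FROM vComputer vc
LEFT JOIN [<CustomDataClassTable>] dc
       ON dc.[_ResourceGuid] = vc.[Guid]
ORDER BY
       -- Affected machines first, then machines with no data, then clean ones
       CASE
           WHEN dc.[_ResourceGuid] IS NULL  THEN 2
           WHEN dc.[Location] = 'Not Found' THEN 3
           ELSE 1
       END,
       vc.[Name],
       dc.[Location];
```

Rows with the status "No inventory received" are computers where the script task has not run or its data has not been processed, so they should not be counted as unaffected.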

Attachments

1620405729784__Dell dbutil Powershell script.txt