CVE-2021-21551 PoC — Dell dbutil Driver Security Vulnerability

Associated Vulnerability
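Title: Dell dbutil Driver Security Vulnerability (CVE-2021-21551)
Description: Dell dbutil Driver is application software from the US company Dell. It provides a driver for Dell devices. Dell dbutil Driver contains a security vulnerability that stems from improper access restrictions in the Dell dbutil driver dbutil_2_3.sys. The following products and versions are affected: DBUtil: 2.3.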
Description
Script to patch your domain computers against CVE-2021-21551, a privilege escalation on machines that have the driver dbutil_2_3.sys, installed by some Dell tools (BIOS updater, SupportAssist...).
Readme
# Description
Script to patch your domain computers against CVE-2021-21551, a privilege escalation on machines that have the driver dbutil_2_3.sys, installed by some Dell tools (BIOS updater, SupportAssist...). It uses WinRM to run the checks on every domain-member computer, tries to remove the vulnerable drivers, and fills a .txt list with the status.

# Usage - Remote version
1. Just launch the script, it does the job :)  
`PS> ./CVE-2021-21551-remotefix.ps1`

// Make sure that your clients are reachable over WinRM (PSRemoting). //  
// If they are not, you can modify the script to run locally as a scheduled task pushed by GPO. //
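
A read-only audit pass along the lines described above, as an added example that is not the repository's script: it lists copies of dbutil_2_3.sys over WinRM and writes one status line per host, deleting nothing. The function name `Find-DbutilDriver`, the report path, the status labels and the searched folders (the Windows Temp folder and each user profile's Temp folder) are assumptions to adjust for your fleet.

```powershell
# Added example (not the repository's code): report-only check for dbutil_2_3.sys.
function Find-DbutilDriver {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [string] $DriverName = 'dbutil_2_3.sys',
        [string] $ReportPath = '.\dbutil-audit.txt'   # hypothetical report file
    )

    # Runs on each remote machine: lists matching files with their hash, removes nothing.
    $check = {
        param($name)
        # Assumption: folders to search; extend this list to match your environment.
        $folders = @("$env:windir\Temp") +
            @(Get-ChildItem "$env:SystemDrive\Users" -Directory -ErrorAction SilentlyContinue |
                ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' })
        $folders | Where-Object { Test-Path $_ } | ForEach-Object {
            Get-ChildItem -Path $_ -Filter $name -File -Force -ErrorAction SilentlyContinue
        } | ForEach-Object {
            [pscustomobject]@{
                Path   = $_.FullName
                SHA256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
    }

    $results = foreach ($computer in $ComputerName) {
        try {
            # -ErrorAction Stop turns an unreachable host into a catchable error.
            $hits = @(Invoke-Command -ComputerName $computer -ScriptBlock $check -ArgumentList $DriverName -ErrorAction Stop)
            if ($hits.Count -eq 0) {
                "$computer;CLEAN;;"
            } else {
                $hits | ForEach-Object { "$computer;FOUND;$($_.Path);$($_.SHA256)" }
            }
        } catch {
            # Offline or WinRM disabled: record it so the host can be covered by the local/GPO route.
            "$computer;UNREACHABLE;;"
        }
    }

    $results | Set-Content -Path $ReportPath -Encoding UTF8
    $results
}

# Usage with constructed host names:
# Find-DbutilDriver -ComputerName 'PC-001', 'PC-002'
```

Hosts reported as UNREACHABLE are the ones that need the local version pushed by GPO.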

# Usage - Local version
`PS> ./CVE-2021-21551_localfix.ps1`  
If you can't reach your domain computers over WinRM, you can push this script with a GPO scheduled task.  
It executes the script locally, removes the driver(s) and reports the results by e-mail.  

1. Update these 3 args:  
![image](https://user-images.githubusercontent.com/41639163/122671545-7fef0500-d1c7-11eb-9824-5da55c78ef09.png)  

2. Create a GPO targeting your computers to run the script.

File Snapshot

```
[4.0K] /data/pocs/bd719f2e2affdcafb0a4accbc31331e0c3b88315
├── [2.4K] CVE-2021-21551_localfix.ps1
├── [4.1K] CVE-2021-21551-remotefix.ps1
└── [1.1K] README.md

0 directories, 3 files
```