module
Dell DBUtilDrv2.sys Memory Protection Modifier
| Disclosed |
|---|
| N/A |
Disclosed
N/A
Description
The Dell DBUtilDrv2.sys drivers version 2.5 and 2.7 have a write-what-where condition
that allows an attacker to read and write arbitrary kernel-mode memory. This module
installs the provided driver, enables or disables LSA protection on the provided
PID, and then removes the driver. This would allow, for example, dumping LSASS memory
even when secureboot is enabled or preventing antivirus from accessing the memory of
a chosen PID.
The affected drivers are not distributed with Metasploit. You will truly need to
Bring Your Own (Dell) Driver.
that allows an attacker to read and write arbitrary kernel-mode memory. This module
installs the provided driver, enables or disables LSA protection on the provided
PID, and then removes the driver. This would allow, for example, dumping LSASS memory
even when secureboot is enabled or preventing antivirus from accessing the memory of
a chosen PID.
The affected drivers are not distributed with Metasploit. You will truly need to
Bring Your Own (Dell) Driver.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.