module
Dell DBUtilDrv2.sys Memory Protection Modifier
| Disclosed |
|---|
| N/A |
Description
Dell DBUtilDrv2.sys driver versions 2.5 and 2.7 have a write-what-where condition
that allows an attacker to read and write arbitrary kernel-mode memory. This module
installs the provided driver, enables or disables LSA protection on the provided
PID, and then removes the driver. This would allow, for example, dumping LSASS memory
even when Secure Boot is enabled, or preventing antivirus from accessing the memory of
a chosen PID.
The affected drivers are not distributed with Metasploit. You will truly need to
Bring Your Own (Dell) Driver.
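For defenders, the sequence described above (driver load, then access to LSASS) can be hunted in Sysmon telemetry. The following is an added example, not code from Metasploit or from this page: it assumes Sysmon Event ID 6 (driver loaded) and Event ID 10 (process access) records already parsed into dictionaries, and the 10-minute window, the hash placeholder and the sample events are constructed for illustration.

```python
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

DRIVER_NAME = "dbutildrv2.sys"                   # file name from the module description
KNOWN_SHA256 = {"<SHA256-FROM-YOUR-INVENTORY>"}  # placeholder; the page lists no hashes
WINDOW = timedelta(minutes=10)                   # assumed correlation window

def ts(ev):
    return datetime.strptime(ev["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")

def is_suspect_driver_load(ev):
    """Sysmon Event ID 6 (driver loaded) matching the driver by name or hash."""
    if ev.get("EventID") != 6:
        return False
    name = PureWindowsPath(ev.get("ImageLoaded", "")).name.lower()
    hashes = dict(kv.split("=", 1) for kv in ev.get("Hashes", "").split(",") if "=" in kv)
    # A renamed copy defeats the name check, so the hash check matters more.
    return name == DRIVER_NAME or hashes.get("SHA256", "").upper() in KNOWN_SHA256

def is_lsass_access(ev):
    """Sysmon Event ID 10 (process access) targeting lsass.exe."""
    return (ev.get("EventID") == 10
            and PureWindowsPath(ev.get("TargetImage", "")).name.lower() == "lsass.exe")

def correlate(events):
    """Pair each suspect driver load with later LSASS access on the same host."""
    findings = []
    for load in filter(is_suspect_driver_load, events):
        for ev in filter(is_lsass_access, events):
            same_host = ev.get("Computer") == load.get("Computer")
            if same_host and timedelta(0) <= ts(ev) - ts(load) <= WINDOW:
                findings.append((load, ev))
    return findings

# Constructed sample events (field names follow Sysmon; values are made up).
SAMPLE = [
    {"EventID": 6, "Computer": "WS01", "UtcTime": "2024-01-01 10:00:00.000",
     "ImageLoaded": r"C:\Users\Public\DBUtilDrv2.sys", "Hashes": "SHA256=00AA"},
    {"EventID": 10, "Computer": "WS01", "UtcTime": "2024-01-01 10:02:30.000",
     "SourceImage": r"C:\Temp\example.exe", "TargetImage": r"C:\Windows\System32\lsass.exe"},
    {"EventID": 10, "Computer": "WS02", "UtcTime": "2024-01-01 10:03:00.000",
     "SourceImage": r"C:\Temp\example.exe", "TargetImage": r"C:\Windows\System32\lsass.exe"},
    {"EventID": 10, "Computer": "WS01", "UtcTime": "2024-01-01 10:30:00.000",
     "SourceImage": r"C:\Temp\example.exe", "TargetImage": r"C:\Windows\System32\lsass.exe"},
]

if __name__ == "__main__":
    for load, access in correlate(SAMPLE):
        print(load["Computer"], load["ImageLoaded"], "->", access["SourceImage"])
```

Only the WS01 access at 10:02:30 is paired with the driver load; the WS02 event is on another host and the 10:30 event falls outside the window.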