Dell vulnerability - CVE-2021-21551.

This EDR query identifies endpoints that are affected by the Dell vulnerability CVE-2021-21551.

https://nakedsecurity.sophos.com/2021/05/05/dell-fixes-exploitable-holes-its-own-firmware-update-driver-patch-now/

    -- Check whether dbutil_2_3.sys is present in a user or system Temp directory
    SELECT
      CASE
        -- Scalar subquery: yields 1 when at least one matching file exists
        WHEN (SELECT 1 FROM file WHERE path LIKE 'C:\Users\%\AppData\Local\Temp\dbutil_2_3.sys' OR path LIKE 'C:\Windows\Temp\dbutil_2_3.sys') = 1
        -- A scalar subquery returns a single value, so only the first matching directory is reported
        THEN 'SYSTEM IS VULNERABLE: dbutil_2_3.sys located in directory ' || (SELECT directory FROM file WHERE path LIKE 'C:\Users\%\AppData\Local\Temp\dbutil_2_3.sys' OR path LIKE 'C:\Windows\Temp\dbutil_2_3.sys')
        ELSE 'file-not-found dbutil_2_3.sys -- This device is not vulnerable'
      END AS Status;
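
A per-file variant of the check above, as an added example that is not part of the original post: it returns one row for every copy of dbutil_2_3.sys in the same two Temp locations, so endpoints with several user profiles are fully reported, and includes the SHA-256 of each copy for comparison against the value the vendor publishes. It assumes the standard osquery `file` and `hash` tables are available to the EDR query engine.

```sql
-- Added example: one row per copy of dbutil_2_3.sys, with size, timestamp and hash.
-- Assumption: the standard osquery `file` and `hash` tables are available.
SELECT
  f.path,
  f.directory,
  f.size,
  datetime(f.mtime, 'unixepoch') AS modified_utc,  -- last modification time, UTC
  h.sha256                                         -- compare with the vendor-published hash
FROM file AS f
JOIN hash AS h ON h.path = f.path
WHERE f.path LIKE 'C:\Users\%\AppData\Local\Temp\dbutil_2_3.sys'
   OR f.path LIKE 'C:\Windows\Temp\dbutil_2_3.sys'
ORDER BY f.path;
```

An empty result set means no copy of the file was found in these two locations.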