PC maker Dell has issued an update to fix multiple critical privilege escalation vulnerabilities that went undetected since 2009. The issues reside in a firmware update driver named “dbutil_2_3.sys” that comes pre-installed on its devices. Hundreds of millions of desktops, laptops, notebooks, and tablets manufactured by the company are said to be vulnerable. No evidence of in-the-wild abuse has been detected, but SentinelOne plans to release the proof-of-concept (PoC) code on June 1, 2021.
Source: https://thehackernews.com/2021/05/bios-privesc-bug-affects-hundreds-of.html