Gadgets
Dell Issues a Patch to Fix Flaws Impacting Its Computers Going Back to 2009
According to Dell, the vulnerable driver module is not available pre-installed on its machines and is available only once you have applied a BIOS, Thunderbolt, TPM, or dock firmware update to your system.
Dell also sent this statement to Gadgets 360: “We remediated a vulnerability (CVE-2021-21551) in a driver (dbutil_2_3.sys) affecting certain Windows-based Dell computers. We have seen no evidence this vulnerability has been exploited by malicious actors to date. We encourage customers to review the Dell Security Advisory (DSA-2021-088) and follow the remediation steps as soon as possible. We’ve also posted an FAQ for additional information. Thanks to the researchers for working directly with us to resolve the issue.””
Threat intelligence firm SentinelLabs discovered the issues that exist in Dell’s firmware update driver version 2.3 (dbutil_2_3.sys) module. The same module is not just limited to Dell machines but also some Alienware gaming laptops and desktops. SentinelLabs also cautioned that the vulnerable driver module could still be used in a BYOVD attack as Dell did not revoke the certificate while releasing the patch.
Gadgets 360 has reached out to Dell for further clarification.
One of the first issues in the firmware update driver module is that it accepts Input/ Output Control (IOCTL) requests without any Access Control (ACL) requirements.
“Allowing any process to communicate with your driver is often a bad practice since drivers operate with the highest of privileges; thus, some IOCTL functions can be abused ‘by design’,” SentinelLabs researcher Kasif Dekel said.
The driver module is also found to allow execution of In/ Out (I/O) instructions in kernel mode with arbitrary operands (LPE #3 and LPE #4). This in simpler terms means that one could interact with peripheral devices such as the HDD and GPU to either read or write directly to the disk by bypassing all security mechanisms in the operating system.
Additionally, the driver file itself is found to be located in the temporary folder of the operating system. SentinelLabs calls it a bug in itself and believes that it opens the door to other issues.
“The classic way to exploit this would be to transform any BYOVD (Bring Your Own Vulnerable Driver) into an Elevation of Privileges vulnerability since loading a (vulnerable) driver means you require administrator privileges, which essentially eliminates the need for a vulnerability,” the researcher noted.
Dell is aware of the issues reported by SentinelLabs since December 2020 and has tracked them as CVE-2021-21551. The vulnerabilities also carry CVSS vulnerability-severity rating of 8.8 out of 10. However, both Dell and SentinelLabs note that they haven’t noticed any evidence of the vulnerabilities being exploited in the wild.
For all the affected machines, Dell has released the patch that users are highly recommended to install from their end through the Dell or Alienware Update utility. The company has also provided a list of models that are being stand vulnerable due to the bugs. The list includes over 380 models and includes some of the popular Dell machines, such as the latest XPS 13 and XPS 15 notebooks as well as the Dell G3, G5, and G7 gaming laptops. There are also nearly 200 affected machines that are no longer eligible for an official service and include the Alienware 14, Alienware 17, and the Dell Latitude 14 Rugged Extreme.
This is not the first time when a severe security issue has been found on Dell machines. In 2019, the company patched a critical flaw in its SupportAssist tool that affected millions of its PC users globally. Another serious issue was found in the Dell System Detect program back in 2015 that also exposed a large number of its users to attack.
“At Xbox, we believe that with better tools, creators can make even more extraordinary games,” Haiyan Zhang, GM, Xbox Gaming AI, said in a blog post. “This partnership will bring together: Inworld’s expertise in working with generative AI models for character development, Microsoft’s cutting-edge cloud-based AI solutions including Azure OpenAI Service, Microsoft Research’s technical insights into the future of play, and Team Xbox’s strengths in revolutionizing accessible and responsible creator tools for all developers.”
The aforementioned AI design copilot is a toolset that will help game designers turn prompts into scripts and dialogue trees. In contrast, the character runtime will enable dynamically generated plot beats and quests. We’ve already seen heavy AI integration in games by way of procedural generation — a more recent example being the 1000+ planets in Starfield. Not to mention, enemy AI has been around for way longer.
Inworld made headlines in August when it launched a modded story mode for Grand Theft Auto V, Sentient Streets, in which players had to investigate the rise of a bizarre AI-worshipping cult — a segment loaded with characters that spoke in AI-generated dialogue, on the fly. The mod was later taken down by publisher Take-Two, leaving a permanent strike on the creator Bloc’s YouTube channel. As per The Verge, Inworld’s AI technology can also be used for narration in top-down RPGs to warn players about any events awaiting off-screen and respond to questions like we’ve seen in the past year with AI chatbots like ChatGPT and Bing Chat. Microsoft has also been heavily banking on artificial intelligence, having made a $10 billion (about Rs. 83,254 crore) investment in OpenAI. The company has also integrated AI tools into its popular suite of services and also added an AI copilot to Windows.
Despite being a Microsoft-affiliated AI toolset, it would be interesting to see whether titles using them will be allowed to thrive on other platforms. In July, Valve claimed that it would be cracking down on games that included AI-generated assets if the developer didn’t own the copyright to the piece of art. For the uninitiated, when you insert a prompt to create something in AI, the software simply repurposes existing assets found online and mushes them together — basically stealing from other artists and writers without appropriate commercial licenses. Infringing them would lead to the game not being distributed on Steam, forcing the developers to seek proper licenses for the asset by reaching out to the AI companies involved. It’s unclear how Microsoft’s partnership will play out — as long as AI content is being used as a catalyst to innovate and create something new, it should be fine.
In a post on X shared by BSNL’s Andhra Pradesh (@bsnl_ap_circle) unit, the company confirmed that BSNL users can upgrade their older 2G or 3G SIMs to a 4G SIM for free. Not only will the upgrade be free, but a promotional image shared with the post suggests that users who opt for the upgrade will also receive 4GB of free data that will be valid for three months. It is speculated that BSNL is aiming to boost its upcoming 4G services with this offer. The announcement was first spotted by Telecom Talk.
To access the free data offer and the free upgrade, BSNL users are requested to get in touch with executives at BSNL’s Customer Service Centre, franchisee or retailer stores, or contact one of their Direct Selling Agents (DSA). The promo image also adds in a finer print that the offer is available with certain terms and conditions, but hasn’t detailed any, so far.
Reliance’s Jio recently launched the 4G-supported Bharat B1 feature phone in India. The handset is priced at Rs. 1,299 in India. Alongside 4G connectivity, the phone comes with JioCinema and JioSaavn applications pre-installed.
The Jio Bharat B1 is equipped with the JioPay application, which is said to allow users to make UPI payments. Aiming to increase accessibility, the phone supports 23 languages overall, including multiple regional languages.
Realme, via Weibo, announced the arrival of the Realme GT 5 Pro in China. The display of the handset is confirmed to offer 3000 nits peak brightness. It has also been teased to offer heat dissipation with a surface area of around 10,000mm2. It is confirmed to ship with Qualcomm’s new Snapdragon 8 Gen 3 SoC. The post doesn’t specify the exact launch date of the smartphone, however, given the release of the teasers, the launch could be just around the corner.
The Realme GT 5 Pro has been in the news a lot lately. It is expected to feature a 6.78-inch (1,264×2,780 pixels) AMOLED display and is tipped to come in 8GB, 12GB, and 16GB RAM options along with 128GB, 256GB, 512GB, and 1TB inbuilt storage options.
For optics, the Realme GT 5 Pro is said to have a triple rear camera unit comprising two 50-megapixel sensors and an 8-megapixel shooter at the rear. The camera setup might include a Sony LYTIA LYT808 sensor, an OmniVision OV08D10 secondary sensor, and a Sony IMX890 telephoto sensor. For selfies, there could be a 32-megapixel sensor at the front. It is said to carry a 5,400mAh battery with support for 100W wired charging and 50W wireless charging.
The Realme GT 5 Pro is expected to come with upgrades over Realme GT 5. The latter was launched in China in August with a price tag of CNY 2,999 for the base model with 12GB of RAM and 256GB of storage.
-
Solar Energy3 years agoDLR testing the use of molten salt in a solar power plant in Portugal
-
Camera1 year agoDJI Air 3 vs. Mini 4 Pro: which compact drone is best?
-
world news1 year ago
Gulf, France aid Gaza, Russia evacuates citizens
-
Indian Defense3 years ago
Israeli Radar Company Signs MoU To Cooperate With India’s Alpha Design Technologies
-
Camera1 year agoSony a9 III: what you need to know
-
Solar Energy1 year agoGlencore eyes options on battery recycling project
-
Camera4 years agoCharles ‘Chuck’ Geschke, co-founder of Adobe and inventor of the PDF, dies at 81
-
world news1 year ago
Strong majority of Americans support Israel-Hamas hostage deal
