Edit: remembered Dell SupportAssist > History
Today, I'm not finding Failed with Restore System mentioned [here].
I'm not finding Dell Security Advisory Update - DSA-2021-088 - Installed.
Restore System ....remains head scratch.
[21-05-13 19:32:35] {Update.Operations.Domain.LegacyDCU.UpdatesAnalyzer.DupCatalogAnalyzer->INFO} [94] DF8CW, Dell Security Advisory Update - DSA-2021-088, 2.1.0 ...remains head scratch.
Hi Imacri,
I do recall "Installation Complete" with Installing updates (1 of 1) Dell Security Advisory Update - DSA-2021-088 [here].
Imacri:
I normally perform updates with Dell SupportAssist now, and sometimes run Dell Update for a second-opinion scan to confirm that both utilities are finding the identical list of available updates.
Appreciate, your "Recent activity" pics.
I recall seeing Restore System with Failed. I imagined Restore System with Failed was a definitive prompt to run (click) Restore System in order to restore machine to before a failed install/update. I ran Restore System with Failed - Dell SupportAssist event yesterday. System Restore would/could not get beyond restoring dialog spinning circle blue screen. I finally forced shut down. Then back at desktop. Dell Update and Support Assist reported up to date. Calling Restore System yesterday remains a head scratch. I imagined Norton Product Tamper Protection blocked System Restore. IDK
Now, seeing your Complete pics with Restore System. My imagined purpose of Restore System feels confused.
Now, I'm imaging Restore System as a benign "what if" a completed install/update may need to be rolled back.
Hmm, (head scratch) why I recall Restore System with Failed yesterday.
And now my Dell Update and SupportAssist report up to date. I'll try to remember to snip more pics next event/s.
Seeing your Complete pics with Restore System.
Restore System is obviously just a benign "what if" and not a definitive prompt to run Restore System.
Much appreciation -
Just an FYI that Dell has posted an additional FAQ at Additional Information Regarding DSA-2021-088: Dell Client Platform Security Update for an Insufficient Access Control Vulnerability in the Dell dbutil Driver that answers some common questions about the buggy dbutil_2_3.sys driver described in the original Dell Security Advisory DSA-2021-008.
bjm_:...My Service.log regarding DSA-2021-088 is not so clear:
[21-05-13 19:32:35] {Update.Operations.Domain.LegacyDCU.UpdatesAnalyzer.DupCatalogAnalyzer->INFO} Package DF8CW (Dell Security Advisory Update - DSA-2021-088 version 2.1.0) ID match for 111084 (Dell DBUtil Removal Utility version 0.0)FWIW ~ my Service.log at > C:\ProgramData\Dell\UpdateService\Log\Service.log is attached.
Hi bjm_:
Sorry, I'm not an expert at reading Dell's Service.log file. If Dell Update v4.0.0 successfully installed the Dell Security Advisory Update DSA-2021-008 on your Inspiron 3780 I assume you would have seen a message something like this:
I normally perform updates with Dell SupportAssist now, and sometimes run Dell Update for a second-opinion scan to confirm that both utilities are finding the identical list of available updates. I'm not a big fan of Dell SupportAssist and its intrusive and heavy resource usage (I have disabled all automated update checks and optimization scans at Settings | Automate Scans and Optimizations | Scan Your System and Drivers) but it has the advantage that the History tab keeps a record of recent updates that completed successfully, like my Dell Security Advisory Update DSA-2021-008 v1.0.0.(A01) on 08-May-2021...
... as well as a record of recent updates that failed, like my first attempt to install the SupportAssist OS Recovery Tools v5.4.1.14954 update on 05-May-2021.
----------
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v20H2 build 19042.985 * Dell 5583/5584 BIOS v1.12.0 * Dell SupportAssist v3.9.0.234 * Dell Update v4.1.0
Hi bjm_:
Sorry, I don't know if the executable that runs when the Dell Security Advisory Update - DSA-2021-088 utility is delivered via Dell Update or Dell SupportAssist actually installs anything on the hard drive. The release notes <here> for the latest v2.1.0_A02 of this utility only states that the executable (Dell-Security-Advisory-Update-DSA-2021-088_DF8CW_WIN_2.1.0_A02.EXE) "will detect and uninstall the dbutil_2_3.sys driver from the system" and as far as I know that's all it does on home consumer products.
Hi Imacri,
Okay, the executable (Dell-Security-Advisory-Update-DSA-2021-088_DF8CW_WIN_2.1.0_A02.EXE) "will detect and uninstall the dbutil_2_3.sys driver from the system". Thanks
Your Service.log regarding DSA-2021-088 is clear:
[21-05-08 06:36:51] {Update.Operations.UpdateOperation->INFO} Install successful: 'Dell Security Advisory Update - DSA-2021-088' [6DRP5]
My Service.log regarding DSA-2021-088 is not so clear:
[21-05-13 19:32:35] {Update.Operations.Domain.LegacyDCU.UpdatesAnalyzer.DupCatalogAnalyzer->INFO} Package DF8CW (Dell Security Advisory Update - DSA-2021-088 version 2.1.0) ID match for 111084 (Dell DBUtil Removal Utility version 0.0)
FWIW ~ my Service.log at > C:\ProgramData\Dell\UpdateService\Log\Service.log is attached.
I don't think you have to worry if you've already updated your BIOS to v1.12.0. However, you might want to update your Dell Update utility from v4.0.0 (the version shown in your screenshot <here>) to v4.1.0 (rel. 29-Jan-2021).
Yeah, my System Information reports BIOS Version/Date Dell Inc. 1.12.0, 10/28/2020.
Okay, I'll see if I can get Dell Update v4.1.0.
More curious than worry.
but I've noticed that Dell Update doesn't always do a good job of auto-updating on my system.
Yeah, I don't have confidence with Dell nor HP Tools.
Thanks again.....
Edit: now my Dell Update is v4.1.0
bjm_:
...So, I'm curious if I can find the supposedly installed Security Advisory Update.
Hi bjm_:
Sorry, I don't know if the executable that runs when the Dell Security Advisory Update - DSA-2021-088 utility is delivered via Dell Update or Dell SupportAssist actually installs anything on the hard drive. The release notes <here> for the latest v2.1.0_A02 of this utility only states that the executable (Dell-Security-Advisory-Update-DSA-2021-088_DF8CW_WIN_2.1.0_A02.EXE) "will detect and uninstall the dbutil_2_3.sys driver from the system" and as far as I know that's all it does on home consumer products. The 2.x versions of this tool were enhanced after 09-May-2021 to "include logging capabilities, ability to run against multiple drives, enhanced exit codes" for enterprise customers but I received an earlier v1.0.0_A01 version so you would have to ask in the Dell Community if newer versions of this utility leave behind any traces on the hard drive after it executes.
I don't know if this helps, but v1.0.0_A01 of this utility was "installed" by Dell SupportAssist v3.9.0.234 on my Inspiron 5584 on 08-May-2021. I've attached a partial excerpt from C:\ProgramData\Dell\UpdateService\Log\Service.log (viewed with Notepad) related to installation of the Dell Security Advisory Update - DSA-2021-088.
Removal of all instances of the buggy dbutil_2_3.sys driver is just Step 1 of the remediation described in security advisory DSA-2021-088. Step 2 of the remediation states that "To prevent reintroduction of a vulnerable dbutil driver, obtain and run a remediated firmware update utility package, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags as applicable." According to the support page <here> for your Inspiron 3780 the Dell Inspiron 3480/3580/3583/3780 System BIOS v1.12.0 (rel. 08-Jan-2020) is the latest available version (and the BIOS version recommended for the Inspiron 3780 in Table A of the security advisory DSA-2021-088) so I don't think you have to worry if you've already updated your BIOS to v1.12.0. However, you might want to update your Dell Update utility from v4.0.0 (the version shown in your screenshot <here>) to v4.1.0 (rel. 29-Jan-2021). I believe Dell Update is supposed to run a self-check at launch and auto-update if necessary (i.e., like Dell SupportAssist, currently v3.9.1.234) but I've noticed that Dell Update doesn't always do a good job of auto-updating on my system.
----------
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v20H2 build 19042.985 * Dell 5583/5584 BIOS v1.12.0 * Dell SupportAssist v3.9.0.234 * Dell Update v4.1.0
Edit: adding to Permalink
System Information
BIOS Version/Date Dell Inc. 1.12.0, 10/28/2020
Hi Imacri,
Okay. I was just curious if I can find the installed Security Advisory Update?
After reading > https://forums.malwarebytes.com/topic/274192-exploitcve202121551-false-positive/ and before I ran Dell Update [Permalink].
I was curious....so, I ran Malwarebytes Custom Scan.
-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Scheduler
Result: Completed
Threats Detected: 0
After Malwarebytes Custom Scan. I ran Dell Update.
So, I'm curious if I can find the supposedly installed Security Advisory Update.
Edit: just now remembered. I've had Dell Firmware - 0.1.12.0 Hidden (Update Manager for Windows).
Note: my Dell Services (Local) are usually set on Manual.
bjm_:Curious, what's dbutil_2_3.sys install path?
Hi bjm_:
According to Step 1 of the remediation instructions posted in the security advisory DSA-2021-088: Dell Client Platform Security Update for an Insufficient Access Control Vulnerability in the Dell dbutil Driver (i.e., prior to the 10-May-2021 release of the automated Dell Security Advisory Update – DSA-2021-088 utility):
Option 2: Manually remove the vulnerable dbutil_2_3.sys driver:
Step A: Check the following locations for the dbutil_2_3.sys driver file
- C:\Users\<username>\AppData\Local\Temp
- C:\Windows\Temp
Step B: Select the dbutil_2_3.sys file and hold down the SHIFT key while pressing the DELETE key to permanently delete.
I noted in post # 2362948 of Microfix's Dells Bells on Horseback in the AskWoody Lounge that I was unable to find a dbutil_2_3.sys file in either C:\Windows\Temp or the hidden C:\Users\<myusername>\AppData\Local\Temp when I checked back on 05-May-2021, but added that it was possible that a custom disk clean I ran with CCleaner Portable v5.79 that cleans both these temp folders might have previously removed dbutil_2_3_sys from those folders.
----------
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v20H2 build 19042.985 * Dell 5583/5584 BIOS v1.12.0 * Dell SupportAssist v3.8.1.23 * Dell Update v4.1.0
Curious, what's dbutil_2_3.sys install path?
lmacri:Dell SupportAssist v3.9.0 delivered an update today (08-May-2021) for “Dell Security Advisory Update – DSA-2021-088” so I assume I’m patched now for the DBUtil driver vulnerability described in DSA-2021-088: Dell Client Platform Security Update for an Insufficient Access Control Vulnerability in the Dell dbutil Driver. ...
Further to my 08-May-2021 post, my Inspiron 5584 is listed as an affected model in Table 1 of the DSA-2021-088: Dell Client Platform Security Update for an Insufficient Access Control Vulnerability in the Dell dbutil Driver security advisory. The Dell 5583/5584 BIOS v1.12.0 (rel. 21-Jan-2021) recommended in that table was installed on 01-Feb-2021.
The support page <here> for my Inspiron 5584 also lists the Dell Security Advisory Update - DSA-2021-088 (now v2.0.0_A02, rel. 10-May-2021) as an urgent update, which confirms that this patch is recommended for my Inspiron 5584.
-----------
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v20H2 build 19042.928 * Dell 5583/5584 BIOS v1.12.0 * Dell SupportAssist v3.9.0.234 * Dell Update v4.1.0
Although I don't have the Dell Support Assistant installed any longer I ran the check tool on my Dell Inspiron 15r-5555 laptop although it doesn't appear on the list of affected products. DBUtil driver wasn't found. BIOS version A12, released 8/30/2016.
SA
Dell SupportAssist v3.9.0 delivered an update today (08-May-2021) for “Dell Security Advisory Update – DSA-2021-088” so I assume I’m patched now for the DBUtil driver vulnerability described in DSA-2021-088: Dell Client Platform Security Update for an Insufficient Access Control Vulnerability in the Dell dbutil Driver.
-----------
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v20H2 build 19042.928 * Dell 5583/5584 BIOS v1.12.0 * Dell SupportAssist v3.9.0.234 * Dell Update v4.1.0