{"id":3081,"date":"2021-05-06T11:34:40","date_gmt":"2021-05-06T11:34:40","guid":{"rendered":"https:\/\/partnernews.sophos.com\/en-us\/?p=3081"},"modified":"2021-09-21T15:03:05","modified_gmt":"2021-09-21T15:03:05","slug":"using-sophos-edr-to-identify-endpoints-impacted-by-dell-kernel-driver-vulnerability-cve-2021-21551","status":"publish","type":"post","link":"https:\/\/partnernews.sophos.com\/ja-jp\/2021\/05\/resources\/using-sophos-edr-to-identify-endpoints-impacted-by-dell-kernel-driver-vulnerability-cve-2021-21551\/","title":{"rendered":"Sophos EDR \u3092\u4f7f\u7528\u3057\u3066\u3001Dell \u30ab\u30fc\u30cd\u30eb\u30c9\u30e9\u30a4\u30d0\u306e\u8106\u5f31\u6027 (CVE-2021-21551) \u306e\u5f71\u97ff\u3092\u53d7\u3051\u305f\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u3092\u7279\u5b9a"},"content":{"rendered":"

Dell \u306e Windows \u30ab\u30fc\u30cd\u30eb\u30c9\u30e9\u30a4\u30d0\u306e 1\u3064\u306b\u8907\u6570\u306e\u8106\u5f31\u6027\u304c\u767a\u898b\u3055\u308c\u307e\u3057\u305f\u3002\u6a29\u9650\u6607\u683c\u3001\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u3001\u60c5\u5831\u6f0f\u6d29\u306b\u3064\u306a\u304c\u308b\u53ef\u80fd\u6027\u306e\u3042\u308b 5\u3064\u306e\u95a2\u9023\u30d0\u30b0\u306f\u3001\u307e\u3068\u3081\u3066 CVE-2021-21551 \u306b\u5206\u985e\u3055\u308c\u307e\u3059\u3002<\/p>\n

Dell \u306f\u30012021\u5e74 5\u6708 4\u65e5\u306b\u3053\u308c\u3089\u306e\u8106\u5f31\u6027\u306b\u5bfe\u3059\u308b\u30d1\u30c3\u30c1<\/a>\u3092\u767a\u884c\u3057\u307e\u3057\u305f\u3002\u306a\u308b\u3079\u304f\u65e9\u304f\u9069\u7528\u3059\u308b\u3053\u3068\u3092\u304a\u52e7\u3081\u3057\u307e\u3059\u3002<\/p>\n

\u30d0\u30b0\u306f 2009 \u5e74\u307e\u3067\u9061\u308a\u3001Dell \u516c\u5f0f\u30ea\u30b9\u30c8\u3067\u306f\u5f71\u97ff\u3092\u53d7\u3051\u308b\u88fd\u54c1\u304c\u591a\u304f\u306e\u30da\u30fc\u30b8\u306b\u53ca\u3073\u307e\u3059\u3002\u305d\u306e\u7d50\u679c\u3001IT \u30c1\u30fc\u30e0\u306b\u3068\u3063\u3066\u306e\u8ab2\u984c\u306f\u3001\u7d44\u7e54\u304c\u3053\u306e\u554f\u984c\u306b\u5f71\u97ff\u3092\u53d7\u3051\u3066\u3044\u308b\u304b\u3069\u3046\u304b\u3001\u305d\u306e\u5f71\u97ff\u7bc4\u56f2\u3001\u6642\u9593\u3068\u4fee\u5fa9\u4f5c\u696d\u306b\u9069\u5207\u306b\u7126\u70b9\u3092\u5f53\u3066\u308b\u65b9\u6cd5\u3092\u7279\u5b9a\u3059\u308b\u3053\u3068\u3067\u3059\u3002<\/p>\n

Sophos EDR \u3092\u4f7f\u7528\u3057\u305f\u30af\u30a8\u30ea\u30fc<\/h2>\n

Sophos Endpoint Detection and Response<\/a>\u00a0(EDR) \u3092\u4f7f\u7528\u3059\u308b\u3068\u3001\u30c7\u30d0\u30a4\u30b9\u306b\u3053\u306e\u8106\u5f31\u6027\u306b\u95a2\u9023\u3059\u308b\u30d5\u30a1\u30a4\u30eb\u304c\u3042\u308b\u304b\u3069\u3046\u304b\u3001\u305d\u3057\u3066\u305d\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u3042\u308b\u30c7\u30d0\u30a4\u30b9\u306e\u6570\u3092\u7c21\u5358\u306b\u7279\u5b9a\u3057\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u3001\u4fee\u5fa9\u4f5c\u696d\u306b\u96c6\u4e2d\u3057\u3001\u554f\u984c\u3092\u8fc5\u901f\u306b\u5bfe\u51e6\u3067\u304d\u307e\u3059\u3002<\/p>\n

\u30bd\u30d5\u30a9\u30b9\u306f\u3001\u304a\u5ba2\u69d8\u306e\u7d44\u7e54\u5168\u4f53\u306b\u304a\u3044\u3066\u3069\u306e\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u304c\u8106\u5f31\u3067\u3001\u6ce8\u610f\u3055\u308c\u308b\u3079\u304d\u304b\u3092\u7279\u5b9a\u3059\u308b\u30ab\u30b9\u30bf\u30e0\u30af\u30a8\u30ea\u3092\u4f5c\u6210\u3057\u307e\u3057\u305f\u3002\u307e\u305f\u3001\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306b\u8106\u5f31\u6027\u304c\u306a\u3044<\/em>\u304b\u3069\u3046\u304b\u3082\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n

Sophos Central \u306e\u8105\u5a01\u89e3\u6790\u30bb\u30f3\u30bf\u30fc\u306b\u30a2\u30af\u30bb\u30b9\u3057\u3001\u300cLive Discover\u300d\u3092\u9078\u629e\u3057\u3066\u3001\u65b0\u3057\u3044\u30af\u30a8\u30ea\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n

\"\"<\/a>
\u300c\u65b0\u3057\u3044\u30af\u30a8\u30ea\u306e\u4f5c\u6210\u300d\u3092\u9078\u629e\u3057\u307e\u3059\u3002<\/figcaption><\/figure>\n

\u4ee5\u4e0b\u306e\u30af\u30a8\u30ea\u3092\u30b3\u30d4\u30fc\u3057\u307e\u3059\u3002<\/p>\n

\u00a0 -- Check if the dbutil_2_3.sys file is present or not SELECT<\/strong> \u00a0 \u00a0CASE<\/strong>\u00a0WHEN<\/strong>\u00a0(SELECT<\/strong>\u00a01 FROM<\/strong>\u00a0file<\/strong>\u00a0WHERE<\/strong>\u00a0path LIKE<\/strong>\u00a0'C:\\Users\\%\\AppData\\Local\\Temp\\dbutil_2_3.sys'\u00a0OR<\/strong>\u00a0path LIKE<\/strong>\u00a0'C:\\Windows\\Temp\\dbutil_2_3.sys') = 1 \u00a0 \u00a0 \u00a0 THEN<\/strong> 'SYSTEM REQUIRES ATTENTION: File for CVE-2021-21551 (dbutil_2.3.sys) located in directory '|| (SELECT<\/strong>\u00a0directory<\/strong>\u00a0FROM<\/strong>\u00a0file<\/strong>\u00a0WHERE<\/strong>\u00a0path LIKE<\/strong>\u00a0'C:\\Users\\%\\AppData\\Local\\Temp\\dbutil_2_3.sys'\u00a0OR<\/strong>\u00a0path LIKE<\/strong>\u00a0'C:\\Windows\\Temp\\dbutil_2_3.sys') \u00a0 \u00a0 \u00a0 ELSE<\/strong> 'File for CVE-2021-21551 (dbutil_2_3.sys) not found' \u00a0 END<\/strong>\u00a0Status<\/pre>\n
 <\/p>\n
\"\"<\/a><\/p>\n
\u7d44\u7e54\u5168\u4f53\u3067\u30af\u30a8\u30ea\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002<\/p>\n
\"\"<\/a><\/p>\n
\u5f71\u97ff\u3092\u53d7\u3051\u305f\u30c7\u30d0\u30a4\u30b9\u306e\u4fee\u6b63<\/h2>\n
Dell\u3067\u306f\u3001\u554f\u984c\u306e\u3042\u308b\u30ab\u30fc\u30cd\u30eb\u30c9\u30e9\u30a4\u30d0\u3092\u624b\u52d5\u3067\u524a\u9664\u3059\u308b\u624b\u9806\u3092\u63d0\u4f9b<\/a>\u3057\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u624b\u9806\u306b\u306f\u3001\u6b21\u306e 2 \u3064\u306e\u5834\u6240\u306e\u3044\u305a\u308c\u304b\u306b\u8a18\u8f09\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n