Eclypsium security researchers have found serious vulnerabilities in more than 40 drivers of 20 hardware vendors. The researchers presented their work at the Def Conference in Las Vegas.
According to the researchers, the vulnerabilities can easily be exploited by hackers to use malware, writes Silicon Angle. The vulnerabilities are found in drivers from Asus, Huawei, Intel, Nvidia and Toshiba.
The vulnerable drivers allow a cybercriminal to use legitimate driver functions to perform malicious actions within Windows. This is also possible in the Windows kernel, according to the researchers.
All these vulnerabilities make the driver work as a proxy to allow high privilege access to the hardware resources, the researchers tell us. These include read and write access to the processor and chipset I/O space, Model Specific Registers, Control Registers, Debug Registers, physical memory and kernel virtual memory.
Since many of the drivers are designed to update firmware, the driver not only provides the necessary privileges but also the mechanism to make changes.
Microsoft
It is striking that all vulnerable drivers were certified by Microsoft. The revelation therefore calls into question Microsoft’s certification process.
Hardware and drivers certified by the company go through a testing process of Windows Hardware Quality Labs. This is a process in which several tests are carried out, including tests related to security.
Although a vulnerability is occasionally missed, it has never happened before that so many drivers from so many different hardware suppliers with certification have been found to contain errors at the same time.
Errors solved
The researchers do report that a number of companies have solved the problems before publication. These include Intel and Huawei. In other drivers, however, the errors are still present.
The problem is that the problems affect all modern versions of Windows, and there is no universal mechanism to prevent a Windows machine from loading one of the bad versions.
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.
41 minutes ago
