Major security flaw found in most popular drivers

Joanna Estrada
August 13, 2019

Mickey Shkatov, a principal researcher at Eclypsium, told ZDNet that "Some vendors, like Intel and Huawei, have already issued updates".

MORE THAN 40 Windows device drivers contain vulnerabilities that could be exploited to perpetrate elevation of privilege attacks on PCs and servers.

All modern versions of Windows are affected by the firmware driver vulnerabilities, which were disclosed at the DEF CON hacker convention.

The drivers were found to have design flaws that enable what are meant to be "low-privilege" applications to be used by a threat actor in such a way as to potentially compromise parts of the Windows operating system that should only be accessible by "privileged" applications. Because these programmes sit between the hardware and the OS, they usually enjoy privileged access to the kernel not freely available to normal users or system administrators in everyday operation.

In some cases the flaws, which affect the Windows kernel, could allow attackers to gain control of a device's hardware and firmware by granting them access to its core systems. This flexibility "can be misused by userspace applications to perform arbitrary read/write" of sensitive resources such as the kernel that should have been protected from such actions. "However, if a vulnerable driver is not already on a system, administrator privilege would be required to install a vulnerable driver", the Eclypsium researchers warned in an advisory.

According to Shkatov, bad coding practices that don't take security into account are responsible for the flaws. However, Eclypsium has not yet named all of the impacted vendors as some need extra time to address the issue. "Since numerous drivers themselves are created to update firmware, the driver is providing not only the necessary privileges but also the mechanism to make changes".

Eclypsium has notified all of the hardware vendors whose drivers allow userspace apps to run kernel code, and so far the list of affected companies includes American Megatrends International (AMI), ASRock, ASUSTeK Computer, AMD, Biostar, EVGA, Getac, GIGABYTE, Huawei, Insyde, Intel, MSI, NVIDIA, Phoenix Technologies, Realtek Semiconductor, SuperMicro and Toshiba.
