UPDATED 22:33 EST / AUGUST 11 2019

SECURITY

Researchers find serious vulnerabilities in 40+ device drivers

Security researchers have uncovered serious vulnerabilities in more than 40 drivers from 20 hardware vendors that could easily be exploited by hackers to deploy malware.

The finding, presented by researchers from Eclypsium Inc. at the DEF CON conference in Las Vegas over the weekend involves a Who’s Who of hardware makers and BIOS providers, including AsusTek Computer Inc., Huawei Technologies Co. Ltd., Intel Corp., Nvidia Corp. and Toshiba Corp., with one common denominator: The vulnerable drivers were all certified by Microsoft Corp.

The vulnerable drivers in question allow a bad actor to use legitimate driver functions to execute malicious actions within Windows including the Windows kernel.

“All these vulnerabilities allow the driver to act as a proxy to perform highly privileged access to the hardware resources, such as read and write access to processor and chipset I/O space, Model Specific Registers, Control Registers, Debug Registers, physical memory and kernel virtual memory,” the researchers explained. “Since many of the drivers themselves are designed to update firmware, the driver is providing not only the necessary privileges but also the mechanism to make changes.”

While it’s a stretch to say all affected users of affected devices are “screwed,” as The Hacker News suggested Sunday, the findings are still disturbing in that they not only present a security issue but also call into question Microsoft’s certification process.

Hardware and drivers submitted to Microsoft go through Windows Hardware Quality Labs testing, a process that involves running a series of tests including those related to security. The occasionally missed vulnerability is not particularly notable and has happened before, but this many drivers from so many hardware providers is a whole new level of questionable certification.

The only good news from the researchers is that before publication some of the companies with the vulnerable drivers have addressed them, including Intel and Huawei, but the vulnerability remains in drivers provided by others. “These issues apply to all modern versions of Microsoft Windows and there is currently no universal mechanism to keep a Windows machine from loading one of these known bad drivers,” the researchers noted.

Image: Eclypsium

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU