Stories
Slash Boxes
Comments

SoylentNews is people

Device Driver Disaster: Over 40 Signed Drivers Can’t Pass Security Muster

posted by Fnord666 on Sunday August 11 2019, @01:13PM   Printer-friendly
from the can't-drive-a-manual-either dept.

upstart writes:

Submitted via IRC for AnonymousCoward

Driver Disaster: Over 40 Signed Drivers Can't Pass Security Muster

An insecure driver can be just what a hacker needs to get its foot in the door to a Windows environment. Compromised drivers are at the heart of massive security headaches ranging from recent Slingshot APT campaigns and LoJax malware. That’s why researchers at Eclypsium are sounding the alarm over what it sees as a dire security problem of insecure drivers digitally signed by reputable firms such as Microsoft.

At a session here at DEF CON on Saturday, Eclypsium’s principal researcher Mickey Shkatov was joined by researcher Jesse Michael and both shed light on research that showed that the problem of insecure drivers is widespread, affecting more than 40 drivers from at least 20 different vendors – all drivers being certified by Microsoft.

“These vulnerabilities allow the driver to act as a proxy to perform highly privileged access to the hardware resources and move an attacker from user mode to OS kernel mode,” researchers noted. They added that the vulnerabilities are widespread, impacting major BIOS vendors, as well as hardware sold by ASUS, Toshiba, NVIDIA and Huawei.

Researchers said they first pinpointed the issue in April when they culled 40 insecure drivers representing 20 vendors. They then gave offending companies a 90-day window to mitigate the issues. All 40 drivers are unique and 64-bit and signed by two separate vendors, researchers said.

“Some of the most dangerous [insecure driver attack scenarios] are arbitrary read/write of kernel memory, arbitrary read/write of model specific registers (MSRs), and arbitrary read and write of physical memory as these can all be used to achieve arbitrary code execution within the Windows kernel,” researchers told Threatpost.

Shkatov added that arbitrary hardware access via an insecure driver can allow malicious modification of firmware components, resulting in persistent subversion of existing Windows AV protection. Such was the case in March when Huawei MateBook systems included a rogue driver that let unprivileged users create processes with superuser privileges.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Device Driver Disaster: Over 40 Signed Drivers Can’t Pass Security Muster | Log In/Create an Account | Top | 26 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1, Funny) by Anonymous Coward on Sunday August 11 2019, @06:07PM (1 child)

    by Anonymous Coward on Sunday August 11 2019, @06:07PM (#878925)

    You installed a systemd OS, and you're bitching about it not working. lol!

    Starting Score:    0  points
    Moderation   +1  
       Troll=1, Interesting=1, Funny=1, Total=3
    Extra 'Funny' Modifier   0  
    Total Score:   1  

  • (Score: 2) by driverless on Monday August 12 2019, @07:15AM

    by driverless (4770) on Monday August 12 2019, @07:15AM (#879110)

    That's the neat thing about Linux, there's so many distros that everyone gets at least one complete distro to (1) love and (2) hate, without there being any overlap with anyone else's pet love/hate distro.