Malware attacks to affect Windows PCs through faulty drivers
Security researchers found new vulnerabilities in more than 40 drivers that have been certified by Microsoft.
The problem lies in driver code that mediates communication between the OS kernel and the hardware; such code runs with higher privileges than a normal user or even an administrator.
The driver vulnerabilities could affect millions
The list of affected hardware manufacturers includes huge companies like Intel, Nvidia, Huawei, Toshiba, and Asus. Here’s how the cybersecurity team at Eclypsium, who found the vulnerabilities, describes them:
All these vulnerabilities allow the driver to act as a proxy to perform highly privileged access to the hardware resources, such as read and write access to processor and chipset I/O space, Model Specific Registers (MSR), Control Registers (CR), Debug Registers (DR), physical memory and kernel virtual memory. This is a privilege escalation as it can move an attacker from user mode (Ring 3) to OS kernel mode (Ring 0). The concept of protection rings is summarized in the image below, where each inward ring is granted progressively more privilege. It is important to note that even Administrators operate at Ring 3 (and no deeper), alongside other users. Access to the kernel can not only give an attacker the most privileged access available to the operating system, it can also grant access to the hardware and firmware interfaces with even higher privileges such as the system BIOS firmware.
This is the case with BIOS and UEFI firmware which, once compromised, can’t be repaired by an OS reinstall.
All versions of Windows are affected
It’s worth mentioning that over 40 drivers were affected, and the issue applies to all versions of Windows, not just Windows 10.
Microsoft is strongly advising its customers to use Windows Defender Application Control to block unknown software and to turn on memory integrity for capable devices in Windows Security.
Here’s the full list of affected vendors:
- ASUSTeK Computer
- ATI Technologies (AMD)
- Micro-Star International (MSI)
- Phoenix Technologies
- Realtek Semiconductor
Some of them have already deployed fixes, but others are still under embargo.
To keep your system safe, be sure to regularly scan for outdated drivers and install the latest driver fixes from the aforementioned manufacturers.
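As an added example (not code from the article or from Eclypsium), here is a PowerShell snippet an administrator could run to check whether memory integrity (HVCI) is running, as Microsoft recommends above, and to list the installed drivers from the vendors named in the list; the vendor name patterns and the Windows 10 CIM classes it queries are assumptions.

```powershell
# Added example (not from the article or Eclypsium): report the memory
# integrity status the article recommends and list installed drivers from
# the vendors named in the article so an admin can see what still needs a
# vendor update. The vendor name fragments are assumptions based on the list.
$vendorPatterns = 'ASUS|ATI|AMD|Micro-Star|MSI|Phoenix|Realtek'

function Get-MemoryIntegrityStatus {
    # Win32_DeviceGuard reports virtualization-based security state.
    # SecurityServicesRunning contains 1 for Credential Guard, 2 for HVCI.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction Stop
    [pscustomobject]@{
        VbsStatus       = $dg.VirtualizationBasedSecurityStatus   # 0 off, 1 enabled, 2 running
        MemoryIntegrity = [bool]($dg.SecurityServicesRunning -contains 2)
        CredentialGuard = [bool]($dg.SecurityServicesRunning -contains 1)
    }
}

function Get-VendorDrivers {
    param([string]$Pattern = $vendorPatterns)
    # Win32_PnPSignedDriver lists installed drivers with provider, version and signer.
    Get-CimInstance -ClassName Win32_PnPSignedDriver |
        Where-Object { $_.DriverProviderName -match $Pattern -or $_.Manufacturer -match $Pattern } |
        Select-Object DeviceName, DriverProviderName, DriverVersion, DriverDate, IsSigned, Signer |
        Sort-Object DriverProviderName, DeviceName
}

$status = Get-MemoryIntegrityStatus
if (-not $status.MemoryIntegrity) {
    Write-Warning 'Memory integrity (HVCI) is not running; it can be turned on under Windows Security > Device security > Core isolation.'
}
# Compare the versions shown here against the fixed versions published by each vendor.
Get-VendorDrivers | Format-Table -AutoSize
```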
To help you, we’ve prepared a guide on how to update outdated drivers, so be sure to check it out.
- How to: Update graphics driver on Windows 10