Drivers in Windows make sure that the device can talk to the Windows OS. The exchange of information goes as deep at the Kernel level. Any vulnerability in the drivers can impact a majority of devices and can let access to functions which usually need root-level access. For example, any vulnerability in individual hardware vendor drivers allowed applications with user privileges to read and write with the privileges of the Kernel.
Design flaw allows widespread Windows compromise
An application installed on the computer can use these to gain access to the computer. The driver issue is alarming as the problem of insecure drivers is widespread. It affects:
- More than 40 drivers from at least 20 different vendors
- The list includes almost every major BIOS OEM including Asus, NVIDIA, Huawei, etc.
BIOS updates are not very common, especially on a system which doesn’t offer software solution in Windows. While Windows handle the updates through the update system, it becomes essential henceforth that a resolution from OEM is provided, and offered upfront.
That said, the team also found that all the vulnerable drives have passed through Microsoft certification. They have already engaged with the Microsoft support team to make sure to get those drivers blacklisted.
In the meantime, Microsoft said that to exploit vulnerable drivers, an attacker would need to have already compromised the computer. To help mitigate this class of issues, Microsoft recommends that customers use Windows Defender Application Control to block known vulnerable software and drivers, and also turn on memory integrity.
So unless a vulnerable driver has been installed, you are good to go. It also means that signed by valid Certificate Authorities and certified by Microsoft may not be as safe as used to be. Microsoft and third-party certifiers need to be more confident and alert from next time.
You can read more at Eclypsium.com.
