Driver disaster: More than 40 signed drivers fail to meet security standards

Dozens of insecure drivers from 20 manufacturers illustrate the widespread weakness of kernel protection.

LAS VEGAS – An insecure driver is all an attacker needs to gain a foothold in a Windows environment. Compromised drivers have been at the centre of major security headaches, starting with the recent Slingshot APT campaign and the LoJax malware. That is why Eclypsium researchers are warning of what they see as a serious security problem: insecure drivers that have been digitally signed by trusted companies such as Microsoft.

At Saturday's DEF CON conference, Eclypsium principal researcher Mickey Shkatov and researcher Jesse Michael presented research showing that the problem of insecure drivers is widespread, affecting more than 40 drivers from at least 20 different manufacturers. All of the drivers are certified by Microsoft.

"These vulnerabilities allow the driver to act as a proxy with privileged access to hardware resources and move the attacker from user mode to kernel mode," the researchers noted. They added that the vulnerability is widespread and has implications for major BIOS vendors as well as hardware sold by ASUS, Toshiba, NVIDIA and Huawei.

The researchers said they first explored the issue in April, when they identified 40 insecure drivers representing 20 manufacturers. They then gave the offending companies 90 days to address the problems. According to the researchers, all 40 drivers are unique, 64-bit, and signed by two separate manufacturers.

[insecure driver attack scenarios]

"The most dangerous are any read/write of kernel memory, any read/write of model-specific registers (MSRs), and arbitrary read and write of physical memory, as each of these can be used to gain arbitrary code execution within the Windows kernel," the researchers told Threatpost.

Shkatov added that arbitrary hardware access through an insecure driver could allow malicious modification of firmware components, which could result in a persistent undermining of existing Windows AV protections. This was the case in March, when Huawei MateBook systems shipped with a rogue driver that allowed non-privileged users to create processes with superuser privileges.

According to the researchers, the problem undermines the assumption that companies like Microsoft are blocking insecure drivers. "Manufacturers say Microsoft is looking for this, and they're not, and Microsoft says manufacturers are delivering secure code. No one takes ownership of this issue," Shkatov told Threatpost.

Public exploits of the insecure drivers mentioned in the talk include a privilege escalation vulnerability in an ASUS driver, a local privilege escalation in an MSI driver, and another privilege escalation flaw found in Gigabyte hardware.

Why are there so many insecure drivers? "This is a generic software design anti-pattern in which, rather than having the driver perform only specific tasks, it is written flexibly to perform arbitrary actions on behalf of user space. It is easier to develop software by structuring drivers and applications this way, but it opens the system up to exploitation," the researchers said. They also stress that just because a driver is signed and certified does not mean that it is safe.

"Of particular concern is that the drivers in question were not rogue or counterfeit – in fact, quite the opposite. All the drivers come from trusted third-party manufacturers, are signed by valid certificate authorities and are certified by Microsoft," he said.

According to Michael and Shkatov, the remedy is for Microsoft to step up and blacklist the insecure drivers for all Windows users, or for specific generations of CPUs. "We hope that the same actions that were taken against the vulnerable Capcom driver can be taken against this group of drivers that we found," Shkatov said.

Game maker Capcom shipped a hidden rootkit with its popular Street Fighter V PC game in 2016 that gave any installed application kernel privileges. It should also be noted that in the case of the Huawei MateBook systems, it was Microsoft that found the faulty driver that opened the systems up to attack.

As part of their research, Michael and Shkatov published a report on their findings, which includes a partial list of the manufacturers mentioned in their research:

- American Megatrends International (AMI)
- ASRock
- ASUSTeK Computer
- ATI Technologies (AMD)
- Biostar
- EVGA
- Getac
- GIGABYTE
- Huawei
- Insyde
- Intel
- Micro-Star International (MSI)
- NVIDIA
- Phoenix Technologies
- Realtek Semiconductor
- SuperMicro
- Toshiba
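As an added example (not code from the article or from the Eclypsium report), the following PowerShell inventories the kernel drivers registered on a Windows host, records each file's Authenticode signer and reported company, and flags those attributable to the vendors listed above, so a defender can see which of them are present and loaded. It assumes an elevated session; the vendor match table is constructed for this illustration, not an authoritative blocklist.

```powershell
# Added example, not code from Eclypsium or the article: inventory the kernel
# drivers registered on this Windows host, record who signed each file and which
# company it reports, and flag those attributable to the vendors named above.
# Assumes an elevated session. $Vendors is a constructed match table for this
# illustration, not an authoritative blocklist.
$Vendors = @(
    'American Megatrends', 'ASRock', 'ASUSTeK', 'ATI Technologies', 'Advanced Micro Devices',
    'Biostar', 'EVGA', 'Getac', 'GIGABYTE', 'Huawei', 'Insyde', 'Intel', 'Micro-Star',
    'NVIDIA', 'Phoenix Technologies', 'Realtek', 'Super Micro', 'Toshiba'
)

$Report = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName } |
    ForEach-Object {
        # PathName may carry a \??\ prefix or quotes; normalise to a plain file path.
        $path = ($_.PathName -replace '^\\\?\?\\', '') -replace '"', ''
        if (-not (Test-Path -LiteralPath $path)) { return }
        $sig = Get-AuthenticodeSignature -FilePath $path
        # Many vendor drivers are WHQL-signed, so the Authenticode signer is Microsoft
        # and the vendor only shows up in the file's version resource: check both.
        $signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
        $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        $hit = $Vendors | Where-Object { "$signer $company" -match [regex]::Escape($_) } |
            Select-Object -First 1
        [pscustomobject]@{
            Service     = $_.Name
            State       = $_.State
            Path        = $path
            SigStatus   = $sig.Status
            Signer      = $signer
            Company     = $company
            SHA256      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            NamedVendor = $hit
        }
    }

# Running drivers attributable to a named vendor are the ones to review first:
# compare their hashes and versions against the vendor's fixed releases.
$Report | Where-Object { $_.NamedVendor -and $_.State -eq 'Running' } |
    Sort-Object NamedVendor |
    Format-Table Service, NamedVendor, Company, SigStatus, SHA256 -AutoSize

# Keep the full inventory for later comparison (constructed output path).
$Report | Export-Csv -NoTypeInformation -Path "$env:TEMP\driver-inventory.csv"
```

A signer or company-name match only says a driver comes from one of the named vendors, not that it is one of the 40 flagged files; the hashes in the CSV are what to compare against the vendor's advisories.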
