Vulnerabilities found in more than 40 Windows device drivers that could be exploited to compromise PCs and servers
The drivers belong to 20 Microsoft-certified hardware and BIOS vendors, including Intel and Huawei
More than 40 Windows device drivers contain security vulnerabilities that could be exploited to perpetrate elevation of privilege attacks on PCs and servers.
That's according to specialists at cyber security firm Eclypsium, which claims that the faulty drivers are responsible for powering devices by some of the world's biggest electronics companies and BIOS makers - including Intel, Toshiba, Huawei and Asus. All versions of Windows are affected, Eclypsium claims.
A device driver enables communication between the hardware and the operating system kernel. Because these programmes sit between the hardware and the OS, they usually enjoy privileged access to the kernel not freely available to normal users or system administrators in everyday operation.
Thus, any weakness in a device driver could enable a malicious programme running at the user level to gain kernel privileges and direct access to hardware and firmware.
The new vulnerabilities found in hardware drivers by Eclypsium researchers could allow the drivers to act as a proxy for privileged access to hardware resources, such as arbitrary read/write access to chipset I/O space, physical memory, kernel memory, control registers, model-specific registers, and debug registers.
"Any malware running in the user space could scan for a vulnerable driver on the victim machine and then use it to gain full control over the system and potentially the underlying firmware. However, if a vulnerable driver is not already on a system, administrator privilege would be required to install a vulnerable driver," the Eclypsium researchers warned in an advisory.
According to the researchers, bad coding practices - not taking security into account, especially in the age of always-connected computers - are to blame for such flaws.
Eclypsium added it has already notified each of the 20 hardware vendors about their faulty drivers. Of those vendors, 15 have released updates for those drivers. They include:
- Huawei
- Intel
- Toshiba
- NVIDIA
- GIGABYTE
- Biostar
- ASRock
- American Megatrends International
- Realtek Semiconductor
- ASUSTeK Computer
- ATI Technologies (AMD)
- EVGA
- Getac
- Insyde
- SuperMicro
- Micro-Star International
- Phoenix Technologies
Three vendors, whose names were not disclosed by Eclypsium, need more time to update their drivers. They are expected to release the fixes in the coming days.
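Because the advisory's risk depends on a vulnerable driver already being present, a defender's first step is an inventory of installed kernel drivers from the named vendors, to be compared against each vendor's updated release. The PowerShell below is an added example, not code from Eclypsium or this article; matching vendor names as substrings of the signer subject or the file's CompanyName is an assumption, and a match identifies the vendor only, not a vulnerable driver, since the article lists no file names or versions.

```powershell
# Vendor names as spelled in the article's list. Signer subjects and version
# resources may spell a vendor differently; extend the list as needed (assumption).
$vendors = 'Huawei','Intel','Toshiba','NVIDIA','GIGABYTE','Biostar','ASRock',
           'American Megatrends','Realtek','ASUSTeK','ATI Technologies','EVGA',
           'Getac','Insyde','SuperMicro','Micro-Star','Phoenix Technologies'
$pattern = ($vendors | ForEach-Object { [regex]::Escape($_) }) -join '|'

Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName } |
    ForEach-Object {
        # PathName can carry an NT prefix (\??\), \SystemRoot\ or quotes; normalise it.
        $path = $_.PathName -replace '^"|"$', '' `
                            -replace '^\\\?\?\\', '' `
                            -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { return }

        $file   = Get-Item -LiteralPath $path
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        [pscustomobject]@{
            Name    = $_.Name
            State   = $_.State        # Running or Stopped
            Company = $file.VersionInfo.CompanyName
            Version = $file.VersionInfo.FileVersion
            Signer  = $signer
            SHA256  = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            Path    = $path
        }
    } |
    # Drivers signed through Microsoft's hardware program can show a Microsoft
    # publisher as signer, so the file's CompanyName is checked as well.
    Where-Object { $_.Signer -match $pattern -or $_.Company -match $pattern } |
    Sort-Object Company, Name |
    Format-List Name, State, Company, Version, Signer, SHA256, Path
```

The version and SHA256 columns are what to check against the vendor's fixed driver release; stopped drivers are listed too, since a driver that is installed but not running can still be loaded.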
Discovering vulnerabilities in device drivers is not uncommon for security researchers. In March, Microsoft researchers said that they had discovered a flaw in Huawei's device manager driver for the MateBook line of high-end laptops, which could enable attackers to undermine the security of the Windows kernel and create processes with superuser privileges.
In June, Microsoft said that it was updating a Broadcom wireless network driver that contained multiple vulnerabilities.