MORE THAN 40 Windows device drivers contain vulnerabilities that could be exploited to perpetrate elevation of privilege attacks on PCs and servers.
That's according to specialists at cybersecurity firm Eclypsium, who claim that the faulty drivers power devices made by some of the world's biggest electronics companies and BIOS makers - including Intel, Toshiba, Huawei and Asus. All versions of Windows are affected, Eclypsium claims.
A device driver enables communication between the hardware and the operating system kernel. Because these programmes sit between the hardware and the OS, they usually enjoy privileged access to the kernel not freely available to normal users or system administrators in everyday operation.
Thus, any weakness in a device driver could enable a malicious programme to achieve kernel privileges at the user level and to gain direct access to hardware and firmware.
The new vulnerabilities could allow the drivers to act as a proxy for privileged access to hardware resources, such as arbitrary read/write access to chipset I/O space, physical memory, kernel memory, control registers, model-specific registers, and debug registers.
"Any malware running in the user space could scan for a vulnerable driver on the victim machine and then use it to gain full control over the system and potentially the underlying firmware. However, if a vulnerable driver is not already on a system, administrator privilege would be required to install a vulnerable driver," the Eclypsium researchers warned in an advisory.
According to the researchers, bad coding practices - not taking security into account, especially in the age of always-connected computers - are to blame for such flaws.
Eclypsium added it has already notified each of the 20 hardware vendors about their faulty drivers. Of those vendors, 15 have released updates for those drivers. They include: Huawei, Intel, AMD, Toshiba, Nvidia, Gigabyte, Biostar, AsRock, American Megatrends International, Realtek Semiconductor, AsusTek, EVGA, Getac, Insyde, SuperMicro, Micro-Star International and Phoenix Technologies.
Three vendors, whose names were not disclosed by Eclypsium, need more time to update their drivers, but are expected to release the fixes in coming days. µ