Specialists from Cybersecurity Eclypsium conducted a study during which a critical flaw was found in the development of software for modern drivers for various devices. The company's report mentions software products from dozens of hardware manufacturers. The discovered vulnerability allows malware to elevate privileges, up to unrestricted access to hardware.
The long list of driver vendors that are fully approved by the Microsoft Windows Quality Lab includes major companies such as Intel, AMD, NVIDIA, AMI, Phoenix, ASUS, Huawei, Toshiba, SuperMicro, GIGABYTE, MSI, EVGA, and more. The vulnerability boils down to the fact that programs with a low level of rights can use legitimate driver functions to gain access to the system kernel and hardware components. In other words, user-space malware can scan for a vulnerable driver on the target machine and then use it to take control of the system. However, if the affected driver is not already on the system, then administrator rights will be required to install it.
As part of the study, Cybersecurity Eclypsium experts discovered three ways to elevate privileges using device drivers. Details of the exploitation of the driver vulnerability were not disclosed, but company representatives reported that a software solution is currently being developed that will eliminate the error. All driver vendors whose products are affected by this vulnerability have now been notified of the issue.
Source: 3dnews.ru