Researchers at firmware security company Eclypsium have analyzed device drivers from major vendors and identified over 40 drivers from 20 firms containing serious vulnerabilities that can be exploited to deploy persistent malware.
Device drivers provide access to the BIOS/UEFI or other system components with the purpose of allowing users to update firmware, perform diagnostics, and change settings. However, vulnerabilities in these drivers can pose a serious threat as they can allow an attacker to escalate privileges to the highest level and become highly persistent.
Privilege escalation flaws were previously found in drivers from Huawei, ASUS, ASRock, Gigabyte and others, and some sophisticated threats, such as the Slingshot campaign and some Fancy Bear attacks, exploited these types of weaknesses to deploy rootkits.
Eclypsium wanted to find out just how common device driver vulnerabilities are and its researchers analyzed software from AMI, ASRock, ASUS, ATI, Biostar, EVGA, Getac, Gigabyte, Huawei, Insyde, Intel, MSI, NVIDIA, Phoenix Technologies, Realtek, SuperMicro, Toshiba, and other vendors who have not been named due to their work in highly regulated environments.
According to Eclypsium, the security holes found by its employees in these drivers can be exploited to escalate privileges from user mode to kernel mode, which gives a piece of malware running on the targeted machine access not only to ..
Support the originator by clicking the read the rest link below.
