Malware via Windows drivers: manufacturers are sloppy on security

Security researchers have identified vulnerabilities in Windows drivers from multiple vendors. About 20 well-known companies are affected.

“Bad programming habits that pay no attention to the issue of security”: according to Mickey Shkatov, Director of research at security company Eclypsium, this is the reason for security holes in Windows device drivers from 20 well-known IT manufacturers. As zdnet.com reported, Eclypsium presented vulnerabilities in more than 40 kernel drivers from 20 manufacturers at the hacker conference DEF CON 27.

The vulnerable drivers have one thing in common: through the device software, they give an attacker write access to sensitive areas of the Windows operating system. These include the kernel, which is practically the foundation of the operating system, on which the advanced features, the modern interface, and more are built.

In principle, the driver level and the kernel should be protected against interference by malicious software. The driver programmers' mistake shows when signed drivers offer write functions for the kernel and suitable software can exploit them, without any restrictions or checks on Microsoft's part.

“Programmers design drivers to fulfill a certain task. They are flexible in the design and include a range of functions that independent software can access. It is easier to design drivers this way, but over time it is a risk,” Shkatov said.

20 manufacturers were affected, of which only the following 17 companies have so far responded with updates. The remaining ones are not being named, for example because additional time is needed for the problem. The following companies have already released updates:

  • American Megatrends International (AMI)
  • ASRock
  • ASUSTeK Computer
  • ATI Technologies (AMD)
  • Biostar
  • EVGA
  • Getac
  • GIGABYTE
  • Huawei
  • Insyde
  • Intel
  • Micro-Star International (MSI)
  • NVIDIA
  • Phoenix Technologies
  • Realtek Semiconductor
  • SuperMicro
  • Toshiba

Eclypsium intends to name the affected manufacturers and drivers in due course. On Intel CPUs of the Skylake generation, drivers can be put on a blacklist via Windows' HVCI feature (Hypervisor-enforced Code Integrity). In many cases, however, users have to take matters into their own hands and manually check the drivers for updates.

Microsoft says, meanwhile, that the driver vulnerability can only become dangerous if an attacker has already gained access to a system. The company recommends using Windows Defender to block known problematic software and drivers. Under Settings, Windows Update, and then Windows Security, the Redmond company recommends enabling the memory integrity check on compatible devices. More information is available in Eclypsium's blog entry.