The Black Hat security conference is coming to an end in Las Vegas, and the DEF CON hacker convention is about to begin. Critical warnings for Windows users emerged quickly: a new problem puts at risk “all modern versions of Microsoft Windows” and can compromise millions of Windows 10 systems.
What was found
The research found a common design flaw in hardware drivers from multiple vendors, including Huawei, Intel, NVIDIA, Realtek Semiconductor, SuperMicro and Toshiba, as well as every major BIOS vendor.
Eclypsium’s research team was looking at how insecure drivers can be abused to attack a system and take advantage of it. “Drivers that provide access to system BIOS or system components for the purposes of updating firmware, running diagnostics, or customizing options on the component,” the researchers say, “can allow attackers to turn the very tools used to manage a system into powerful threats that can escalate privileges and persist invisibly on the host.”
The Windows kernel at the very heart of the operating system is at risk.
Unfortunately, the problematic drivers weren’t “rogue” drivers, but official ones, all from verified vendors, signed by designated certificate authorities and certified by Microsoft.
The flawed drivers not only provide the leverage to make significant changes but also the privileges to do so.
Mickey Shkatov, principal researcher at Eclypsium, stated that some vendors, like Intel and Huawei, have already issued updates. Unfortunately, there is no universal mechanism to keep a Windows machine from loading one of these unknown corrupted drivers.
Microsoft recommends using Windows Defender Application Control to block known vulnerable software and drivers, and using the Edge browser for the best protection.