The Black Hat security conference is coming to an end in Las Vegas, and the DEF CON hacker convention is about to begin. Critical warnings for Windows users emerged quickly, and this new problem puts at risk “all modern versions of Microsoft Windows”, which can compromise millions of Windows 10 systems.
What was found
The research concluded by finding a common design flaw within the hardware drivers from multiple sources, including Huawei, Intel, NVIDIA, Realtek Semiconductor, SuperMicro and Toshiba, including every major BIOS vendor.
Eclypsium’s research team were looking at how insecure drivers can be abused to attack a system and take advantage of it. “Drivers that provide access to system BIOS or system components for the purposes of updating firmware, running diagnostics, or customizing options on the component,” the researchers say “can allow attackers to turn the very tools used to manage a system into powerful threats that can escalate privileges and persist invisibly on the host.”
The Windows kernel at the very heart of the operating system is at risk.
Trusted drivers
Unfortunately, the problematic drivers weren’t “rogue” drivers, but official ones, all from verified vendors, signed by designated certificate authorities and certified by Microsoft.
The flawed drivers not only provide the leverage to make significant changes but also the privileges to do so.
Problem status
Mickey Shkatov, principal researcher at Eclypsium stated that some vendors like Intel and Huawei have already issued updates. Unfortunately, there is no universal mechanism to keep a Windows machine from loading one of these unknown corrupted drivers
Microsoft recommends the use of the Windows Defender Application Control to block known vulnerable software and drivers and also the usage of the Edge browser for the best protection.
I’m Francis E. Hagopian, and I’m the voice and vision behind Billionaire365.com. For the last 15 years, I’ve lived and breathed Silicon Valley culture, arming myself with insights and know-how that I can’t wait to share with you. Think of me as your personal guide in the intricate maze of technology. I specialize in translating the complex into the understandable, so you can turn knowledge into power. This isn’t just about staying in the loop; it’s about giving you the tools you need to excel in a digital age. When you’re looking for reliable tech insights, know that I’ve got your back.