
Do you think your PC and your data are safe? You should think again!
A recent study shows that there is a flaw which allows malware to gain access to critical parts of the Windows kernel. Drivers that provide access to the system BIOS or system components for the purposes of updating firmware, running diagnostics, or customizing options on the component can allow attackers to turn the very tools used to manage a system into powerful threats that can escalate privileges and persist invisibly on the host.
As shown at DEF CON, a vulnerable driver installed on a machine could allow an application running with user privileges to escalate to kernel privileges and abuse the functionality of the driver. In simpler words, an attacker can gain full control over the system using a signed driver.
Signed and Certified doesn’t mean SAFE
All the affected drivers are signed by valid Certificate Authorities and trusted by Microsoft. These issues apply to all modern versions of Microsoft Windows, and there is no universal mechanism just yet to keep a Windows machine from loading one of these known bad drivers.
This is the list of affected vendors:
- ASRock
- ASUSTeK Computer
- ATI Technologies (AMD)
- Biostar
- EVGA
- Getac
- GIGABYTE
- Huawei
- Insyde
- Intel
- Micro-Star International (MSI)
- NVIDIA
- Phoenix Technologies
- Realtek Semiconductor
- SuperMicro
- Toshiba
How to protect your data?
I would strongly suggest installing a professional antivirus, like Kaspersky or ESET, on your system, and maybe setting up a group policy that can be implemented for business and prevents installation of those corrupted drivers.
There is no other alternative. We need to wait for yet another Windows update release.
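
To know what a driver policy would have to cover on a given machine, this added PowerShell example (not part of the original post or the study) inventories the kernel drivers registered on the host whose file metadata or signer names a vendor from the list above. The regex forms of the vendor names and both function names are assumptions made for this example.

```powershell
# Vendor names come from the list on this page; the regex forms are assumptions.
$VendorPatterns = 'ASRock','ASUSTeK','ATI Technologies','Biostar','EVGA','Getac',
    'GIGA-?BYTE','Huawei','Insyde','\bIntel\b','Micro-Star','\bMSI\b','NVIDIA',
    'Phoenix Technologies','Realtek','Super ?Micro','Toshiba'

# Hypothetical helper: turn a service image path into a normal file path.
function Resolve-DriverPath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                            # strip NT prefix \??\
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\') # expand \SystemRoot\
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# Hypothetical helper: list registered kernel drivers attributed to a listed vendor.
function Get-AffectedVendorDriver {
    foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
        $path = Resolve-DriverPath $drv.PathName
        if (-not $path -or -not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

        # WHQL-signed drivers often carry a Microsoft signer, so check both the
        # version-info company name and the signing certificate subject.
        $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        $sig     = Get-AuthenticodeSignature -LiteralPath $path
        $signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        $vendor = $VendorPatterns |
            Where-Object { "$company $signer" -match $_ } |
            Select-Object -First 1
        if (-not $vendor) { continue }

        [pscustomobject]@{
            Name            = $drv.Name
            State           = $drv.State
            Company         = $company
            Signer          = $signer
            SignatureStatus = $sig.Status
            Sha256          = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            Path            = $path
        }
    }
}

Get-AffectedVendorDriver | Sort-Object Company, Name | Format-List
```

A match only means the driver comes from a listed vendor, not that this particular driver is vulnerable; the file hash and path are there so each entry can be compared against the vendor's own advisory and, if needed, removed or blocked by policy.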