AppsTech

Windows Signed drivers – Exploited

A design flaw in device drivers allows a security breach in Microsoft Windows

Do you think your PC and your data are safe? You should think again!

A recent study shows that there is a flaw which allows malware to gain access to critical parts of the Windows kernel. Drivers that provide access to the system BIOS or system components for the purposes of updating firmware, running diagnostics, or customizing options on the component can allow attackers to turn the very tools used to manage a system into powerful threats that can escalate privileges and persist invisibly on the host.

As shown at DEF CON, a vulnerable driver installed on a machine could allow an application running with user privileges to escalate to kernel privileges and abuse the functionality of the driver. In simpler words, an attacker can gain full control over the system using a signed driver.

Signed and Certified doesn’t mean SAFE

All the affected drivers are signed by valid Certificate Authorities and trusted by Microsoft. These issues apply to all modern versions of Microsoft Windows, and there is not yet a universal mechanism to keep a Windows machine from loading one of these known bad drivers.

This is the list of affected vendors:

  • ASRock
  • ASUSTeK Computer
  • ATI Technologies (AMD)
  • Biostar
  • EVGA
  • Getac
  • GIGABYTE
  • Huawei
  • Insyde
  • Intel
  • Micro-Star International (MSI)
  • NVIDIA
  • Phoenix Technologies
  • Realtek Semiconductor
  • SuperMicro
  • Toshiba

How to protect your data?

I would strongly suggest installing a professional antivirus, like Kaspersky or ESET, on your system, and maybe setting up a group policy, which can be implemented for businesses, to prevent installation of those corrupted drivers.

There is no other alternative. We need to wait for yet another Windows update release.
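
As an added example (not from the original post or the research it refers to), the PowerShell below inventories the kernel drivers registered on a machine and flags those whose signer or version-info company name matches a vendor from the list above, as a starting point for review. The matching rule and the "Advanced Micro Devices" spelling for AMD are assumptions; a match means the driver deserves a closer look, not that it is vulnerable.

```powershell
# Added example: triage list of kernel drivers from the vendors named in the post.
# Run in an elevated PowerShell session so every driver file can be read.

# Vendor names from the post; 'Advanced Micro Devices' is an assumed spelling for AMD.
$vendors = @(
    'ASRock', 'ASUSTeK', 'ATI Technologies', 'Advanced Micro Devices', 'Biostar',
    'EVGA', 'Getac', 'GIGABYTE', 'Huawei', 'Insyde', 'Intel', 'Micro-Star',
    'NVIDIA', 'Phoenix Technologies', 'Realtek', 'SuperMicro', 'Toshiba'
)

# Strip punctuation/spaces and lowercase, so 'GIGA-BYTE' or 'Super Micro'
# in a certificate subject still matches the spelling used in the post.
function Get-NormalizedName([string]$Name) {
    ($Name -replace '[^A-Za-z0-9]', '').ToLowerInvariant()
}
$patterns = $vendors | ForEach-Object { Get-NormalizedName $_ }

Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName } |
    ForEach-Object {
        $drv  = $_
        $path = $drv.PathName -replace '^\\\?\?\\', ''   # drop an NT-style \??\ prefix
        if (-not (Test-Path -LiteralPath $path)) { return }

        # WHQL drivers are often signed by Microsoft on the vendor's behalf,
        # so check the file's CompanyName as well as the signer subject.
        $sig     = Get-AuthenticodeSignature -LiteralPath $path
        $signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName

        $haystack = Get-NormalizedName "$signer $company"
        $hit = $patterns | Where-Object { $haystack.Contains($_) } | Select-Object -First 1
        if ($hit) {
            [pscustomobject]@{
                Name            = $drv.Name
                State           = $drv.State          # Running / Stopped
                Path            = $path
                Company         = $company
                Signer          = $signer
                SignatureStatus = $sig.Status
                SHA256          = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }
        }
    } |
    Sort-Object State, Name |
    Format-List
```

Substring matching will produce some false positives (for example, any company name containing "intel"), so treat the output as a list to check against vendor advisories and to remove where the utility is no longer needed.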


Ivan Basic

If you wish to contact me, you can send me an email.