Faulty Driver Coding Exposes Microsoft Windows to Malware Risks


sman

"https://www.technewsworld.com/story/86187.html"

Numerous driver design flaws by 20 different hardware vendors expose Microsoft Windows users to widespread security compromises that can cause persistent malware attacks.

A report titled "Screwed Drivers," which Eclypsium security researchers presented at DEF CON last weekend, urges Microsoft to support solutions to better protect against this class of vulnerabilities.

Microsoft should blacklist known bad drivers, it recommends.

The insecure drivers problem is widespread, Eclypsium researchers found, with more than 40 drivers from at least 20 different vendors threatening the long-term security of the Windows operating system.

The design flaws exist in drivers from every major BIOS vendor, including hardware vendors Asus, Toshiba, Nvidia and Huawei, according to the report.

The research team discovered the coding issues and their broader impacts while pursuing an ongoing hardware and firmware security study involving how attackers can abuse insecure software drivers in devices.

"Since our area of main focus is hardware and firmware security, we naturally gravitated into looking at Windows firmware update tools," said Mickey Shkatov, principal researcher at Eclypsium.

"Once we started the process of exploring the drivers these tools used we kept finding more and more of these issues," he told the E-Commerce Times.

The driver design flaws allow attackers to escalate user privilege so they can access the OS kernel mode. That escalation allows the attacker to use the driver as a proxy to gain highly privileged access to the hardware resources, according to the report. It opens read and write access to processor and chipset I/O space, model-specific registers (MSR), control registers (CR), debug registers (DR), physical memory and kernel virtual memory.

"Microsoft has a strong commitment to security and a demonstrated track record of investigating and proactively updating impacted devices as soon as possible. For the best protection, we recommend using Windows 10 and the Microsoft Edge browser," a Microsoft spokesperson said in comments provided to the E-Commerce Times by company rep Rachel Tougher.
