The report published by Eclypsium revealed something disturbing: drivers from almost 20 leading manufacturers contain security gaps. These gaps can give attackers full access to hardware that is not usually available even to administrators of a given environment.
Analysis has shown that the problem affects more than 40 of the latest drivers from nearly 20 leading manufacturers. The list includes, among others:
- ASUSTeK Computer
- ATI Technologies (AMD)
- Micro-Star International (MSI)
- Phoenix Technologies
- Realtek Semiconductor
Among them was every BIOS supplier and hardware manufacturer. What's worse, all the vulnerable drivers have been certified by Microsoft, as if there were no problem with them.
Ordinary users have Ring 3 privileges. Malware that abuses one of these drivers can grant Ring 0 privileges to the attacker (and even to the user himself). Ring 0 is the most privileged level and allows full access to the operating system, hardware interfaces and firmware.
Currently, we do not have any mechanism at our disposal that would allow us to effectively protect our computers. However, if you are extremely worried about your equipment, we have a few tips for you:
- Be careful what you install on your computer - especially drivers.
- Regularly scan your system for potential threats.
- Update the drivers to the latest version.
- Use Windows Defender Application Control (WDAC) to restrict access to certain functions.
Finally, it is worth noting that the report does not reveal all vendors whose software may have some gaps. Even if you do not own anything from the companies listed above, it is also worth following at least some of the above advice.
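To act on the advice above, the following PowerShell inventory lists every non-Microsoft kernel driver on a machine and marks those whose publisher matches a vendor named in this article, so they can be reviewed and updated. It is an added example, not code from Eclypsium or the original article; the vendor patterns come from the article's partial list, and "Advanced Micro Devices" is an assumed spelling of AMD's company name in driver version resources.

```powershell
# Added example: list non-Microsoft kernel drivers and mark those whose
# publisher matches a vendor named in the article.
# Vendor patterns come from the article's partial list; "Advanced Micro Devices"
# is an assumed spelling of AMD's CompanyName field.
$vendorPatterns = 'ASUSTeK', 'ATI Technologies', 'Advanced Micro Devices',
                  'Micro-Star', 'Phoenix Technologies', 'Realtek'

$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.ServiceType -eq 'Kernel Driver' -and $_.PathName }

$report = foreach ($d in $drivers) {
    # Some entries carry an NT object-manager prefix (\??\) before the path.
    $path = $d.PathName -replace '^\\\?\?\\', ''
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

    $info = (Get-Item -LiteralPath $path).VersionInfo
    $sig  = Get-AuthenticodeSignature -LiteralPath $path

    # Certified drivers are often signed by a Microsoft publisher, so the
    # vendor has to be read from the version resource as well as the signer.
    $company = "$($info.CompanyName)".Trim()
    if ($company -match '^Microsoft') { continue }

    $publisher = "$company $($sig.SignerCertificate.Subject)"
    $vendor = $vendorPatterns |
        Where-Object { $publisher -match [regex]::Escape($_) } |
        Select-Object -First 1

    [pscustomobject]@{
        Name         = $d.Name
        State        = $d.State
        Company      = $company
        FileVersion  = $info.FileVersion
        Signature    = $sig.Status
        ListedVendor = $vendor
        Path         = $path
    }
}

# Listed vendors first, then every other third-party driver, since the report
# does not name all affected vendors.
$report |
    Sort-Object @{ Expression = { [bool]$_.ListedVendor }; Descending = $true }, Company, Name |
    Format-Table -AutoSize -Wrap
```

A match on a listed vendor only means the driver deserves a version check against the vendor's current release; it does not by itself indicate a vulnerable driver.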
- Screwed Drivers - full report from Eclypsium
- Detailed description of risks in the form of presentation