Researchers from the cybersecurity company Eclypsium revealed that more than 40 different Windows drivers contain poor code and could be exploited to mount privilege-escalation attacks. What is even more concerning is that these drivers come from Microsoft-certified vendors and have therefore been approved by Microsoft.
Since these drivers affect all versions of Windows and come from major BIOS vendors and hardware manufacturers such as NVIDIA, Intel, Toshiba, ASUS and Huawei, millions of users are at risk.
Security experts from Eclypsium also warned that such drivers pose a huge threat, as they might allow malicious apps running at user level to gain kernel privileges with direct access to hardware and firmware. This could result in malware being installed directly into the firmware, and once that is done, even reinstalling Windows would not be sufficient to get rid of it.
Eclypsium also noted that drivers provide a mechanism to make changes to the system. In other words, if a vulnerable driver is already present on the system, a malicious app only needs to locate it in order to elevate privileges. If the driver is not present, a malicious app could bring the driver with it, but it would then need administrator approval to install the new driver.
To protect its customers, Microsoft will use Hypervisor-enforced Code Integrity (HVCI) to blacklist drivers reported to it. Unfortunately, this feature is only available on 7th generation and later Intel processors. Microsoft therefore advises users to use Windows Defender Application Control to block known vulnerable software and drivers. The company also advises customers to protect themselves further by turning on memory integrity for capable devices in Windows Security.
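The following PowerShell check is an added example, not code from the article, Eclypsium or Microsoft: it reads the Win32_DeviceGuard CIM class and the memory integrity registry value to report whether the two mitigations named above (memory integrity/HVCI and a WDAC policy) are actually active on a machine. It assumes Windows 10 and an elevated session; the function and property names in the returned object are my own.

```powershell
# Added example (not from the article). Reports whether HVCI (memory
# integrity) and a kernel-mode WDAC policy are active on this machine.
# Assumes Windows 10 and an elevated PowerShell session.

function Get-DriverMitigationStatus {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard'

    # Win32_DeviceGuard encodes security services as integers:
    # 1 = Credential Guard, 2 = HVCI (memory integrity)
    $hvciRunning    = $dg.SecurityServicesRunning    -contains 2
    $hvciConfigured = $dg.SecurityServicesConfigured -contains 2

    # VirtualizationBasedSecurityStatus: 0 = not enabled,
    # 1 = enabled but not running, 2 = running. HVCI needs VBS running.
    $vbsRunning = ($dg.VirtualizationBasedSecurityStatus -eq 2)

    # CodeIntegrityPolicyEnforcementStatus (kernel-mode WDAC policy):
    # 0 = off, 1 = audit mode, 2 = enforced
    $wdacMode = switch ($dg.CodeIntegrityPolicyEnforcementStatus) {
        0 { 'Off' } 1 { 'Audit' } 2 { 'Enforced' } default { "Unknown ($_)" }
    }

    # The "Memory integrity" toggle in Windows Security writes this value;
    # reading it shows whether HVCI was requested even before a reboot.
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    $hvciRequested = (Get-ItemProperty -Path $regPath -Name Enabled `
                        -ErrorAction SilentlyContinue).Enabled -eq 1

    [pscustomobject]@{
        VbsRunning         = $vbsRunning
        MemoryIntegrityOn  = $hvciRunning
        MemoryIntegritySet = ($hvciConfigured -or $hvciRequested)
        WdacKernelPolicy   = $wdacMode
        # True when at least one mechanism the article names is live. An
        # enforced WDAC policy only blocks the drivers its deny rules list.
        MitigationActive   = ($hvciRunning -or ($wdacMode -eq 'Enforced'))
    }
}

Get-DriverMitigationStatus | Format-List
```

A result with MemoryIntegritySet true but MemoryIntegrityOn false usually means the toggle was set but the machine has not rebooted or the hardware cannot run VBS.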
A complete list of all the vendors who have already updated their drivers can be found on the Eclypsium blog.