Eclypsium finds security flaws in Microsoft drivers

The cybersecurity company discovered several security issues in more than 40 drivers that had been certified by Microsoft, the company founded by Bill Gates.

Researchers at the cybersecurity company Eclypsium have discovered security flaws in more than 40 drivers that had already been certified by Microsoft. The flaws could allow attackers to take full control of the operating system and its firmware, and to extend that control to other system components such as graphics cards, network adapters, hard drives and other devices.

Eclypsium has published in a statement the results of its latest security analysis, which reveals more than 40 vulnerable drivers from at least 20 different vendors, including the most important BIOS vendors and the hardware vendors ASUS, Toshiba, NVIDIA and Huawei.

Drivers are present on all Windows computers and act as intermediaries between the operating system kernel and the hardware devices or components. They are needed to operate everything from printers to the computer's motherboard.

Because of the security flaws found, the company says that intruders could “read, write, or redirect the stored, displayed or sent data on the network.” In addition, it notes that because many of the drivers are designed specifically to update firmware, a vulnerable driver not only provides the privileges needed to control the firmware but also gives access to the mechanism that allows changes to be made to it.

Even so, the company notes that if a vulnerable driver is not already installed on the operating system, administrator permission is needed to install it.

The company says that “all these vulnerabilities allow the driver to act as a proxy” to provide more privileged access to hardware resources, such as read and write access to processor and chipset I/O space, Model-Specific Registers (MSR), Control Registers (CR), Debug Registers (DR), physical memory and kernel virtual memory.

K. Tovar

Source: Bolsamania
