Researcher discovers serious security flaws related to Windows drivers

2023-11-04 11:46:00

A VMware Carbon Black threat researcher discovered and documented 34 vulnerabilities in legacy device drivers for Windows that might allow attackers to gain complete control of the system. The flaws affect drivers from companies such as Intel, AMD, Nvidia, Dell and Phoenix Technologies.

The vulnerabilities are in software drivers, BIOS or operating system for legacy devices, leaving the system exposed to multiple attack vectors that can allow malicious actors to execute malicious code, change system privileges and delete some I/O instructions, among other possibilities.

Researcher Takahiro Haruyama has provided proofs of concept for some of the vulnerabilities on his blog and on GitHub. He also contacted the responsible vendors to coordinate fixes. The expert showed that an unprivileged user can run cmd.exe at the System integrity level by exploiting the flaws on Windows 11 with HVCI (Hypervisor-protected Code Integrity).

According to him, Phoenix Technologies and AMD have already fixed vulnerabilities in two of the drivers whose signatures were still valid. Intel also fixed the flaw found in the stdcdrv64.sys driver. Windows users should make sure their drivers are up to date and have valid certificates.

They should also avoid downloading drivers from untrusted sources and should not disable Hypervisor-protected Code Integrity (HVCI), which can prevent malicious drivers from running.
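One way to check both recommendations on a local machine, as an added example that is not part of the original article or the researcher's code: it reports whether HVCI is running and lists registered kernel drivers whose Authenticode signature does not verify or whose signer certificate has expired. It uses only built-in cmdlets; the variable names are illustrative.

```powershell
# Added example: read-only audit of HVCI state and kernel driver signatures.
# Run from an elevated PowerShell prompt for complete results.

# 1. HVCI status. In Win32_DeviceGuard, the value 2 in SecurityServicesRunning
#    means Hypervisor-protected Code Integrity is active.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
if ($null -eq $dg) {
    Write-Warning 'Win32_DeviceGuard is unavailable; HVCI state is unknown.'
} elseif ($dg.SecurityServicesRunning -contains 2) {
    Write-Output 'HVCI: running'
} else {
    Write-Warning 'HVCI: not running'
}

# 2. Signature status of every registered kernel driver.
$report = foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
    if (-not $drv.PathName) { continue }

    # PathName may carry quotes or an NT-style prefix (\??\ or \SystemRoot\).
    $path = $drv.PathName.Trim('"') `
        -replace '^\\\?\?\\', '' `
        -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $sig = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        Name     = $drv.Name
        State    = $drv.State                       # Running / Stopped
        Status   = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
        Signer   = $sig.SignerCertificate.Subject
        NotAfter = $sig.SignerCertificate.NotAfter  # signer certificate expiry
        Path     = $path
    }
}

# 3. Drivers to review: signature not valid, or signer certificate expired.
#    An expired certificate can still verify when the signature was timestamped,
#    so those rows are a prompt to look for a newer driver, not proof of tampering.
$now = Get-Date
$report |
    Where-Object { $_.Status -ne 'Valid' -or ($_.NotAfter -and $_.NotAfter -lt $now) } |
    Sort-Object Status, Name |
    Format-Table Name, State, Status, NotAfter, Path -AutoSize
```

A `Valid` status only confirms the signature; it does not show that the driver version includes the vendor's fix, so compare file versions against the vendor's current release as well.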


Alexandra Hartman Editor-in-Chief
