[ad_1]
Eclypsium, an Oregon security company, says the drivers on Microsoft's Windows platform are a mess of security. Who could have guessed? Their researchers have discovered serious flaws in more than 40 pilots from at least 20 different hardware vendors. Apparently, each of these vulnerabilities allows the driver to deliver "Access to hardware resources, such as read and write rights to processor and chipset I / O space, model-specific registers (MSRs), control registers (CRs), debug registers (DR), physical memory, and kernel virtual memory. This is an elevation of privilege because it can escalate an attacker from user mode (Ring 3) to kernel mode of the operating system (Ring 0)."Basically, total control of the machine impacted. Additionally, they potentially allow malware to compromise your UEFI and persist throughout the operating system reinstallation. They also add that not only do these drivers provide the necessary access, but they also provide the mechanism for making changes. Scary things.
Perhaps the most interesting is that all the drivers they tested have been signed by a CA and have Microsoft approval. Link this to the fact that you can no longer block updates on home versions of Windows 10 and you have a potentially serious problem. In other words, these problematic factors impacted are almost certainly Go to install on possibly millions of PCs. If you thought you could stick to Windows 7 to avoid these vulnerabilities, unfortunately, all modern versions of Windows are concerned. You can block updates on Windows 7, but this is probably not a solution because it is likely that you are already using problematic drivers. You may also later receive a patch for older versions of Windows because the most recent version is prioritized.
What Windows administrators think of this problem
Which pilots?
Problems have been detected in the code of all major BIOS providers, which means that your chances of avoiding these problems are rather low. Not only the BIOS has problems, it also has problems with the following drivers:
- ASRock
- ASUSTeK computer
- ATI Technologies (AMD)
- Biostar
- EVGA
- Getac
- GIGABYTE
- Huawei
- Insyde
- Intel
- Micro-Star International (MSI)
- NVIDIA
- Phoenix Technologies
- Realtek Semiconductor
- SuperMicro
- Toshiba
Apple users today
This list is not exhaustive and other companies are still embargoed. It's pretty few companies, and what the author is concerned about is that the UK has been saying for years that Huawei is not spying on the UK, but just writing a code Insecure. Although I am not a security expert, this would suggest that these problems exist for more companies than Huawei, and perhaps we need to re – examine security in the entire ecosystem. These vulnerabilities seem to demonstrate a complete failure of everyone involved in the PC world. Watch for BIOS / UEFI updates and drivers over the next few months to have your hardware repaired hopefully.
Update: changed title to better represent the situation.
Source link