Malware attacks to affect Windows PCs through faulty drivers
Published on August 12, 2019
Security researchers found new vulnerabilities in more than 40 drivers that have been certified by Microsoft.
The problem is in the driver code that enables communication between the OS kernel and the hardware, providing a higher permission level than a normal user or an administrator.
The driver vulnerabilities could affect millions
The list of hardware manufacturers affected includes huge companies like Intel, Nvidia, Huawei, Toshiba, and Asus. Here’s how the cybersecurity team at Eclypsium, who found the vulnerabilities, describe them:
All these vulnerabilities allow the driver to act as a proxy to perform highly privileged access to the hardware resources, such as read and write access to processor and chipset I/O space, Model Specific Registers (MSR), Control Registers (CR), Debug Registers (DR), physical memory and kernel virtual memory. This is a privilege escalation as it can move an attacker from user mode (Ring 3) to OS kernel mode (Ring 0). The concept of protection rings is summarized in the image below, where each inward ring is granted progressively more privilege. It is important to note that even Administrators operate at Ring 3 (and no deeper), alongside other users. Access to the kernel can not only give an attacker the most privileged access available to the operating system, it can also grant access to the hardware and firmware interfaces with even higher privileges such as the system BIOS firmware.
This means that the faulty drivers could allow malicious apps to gain kernel privileges, directly affecting the firmware and the hardware. Furthermore, reinstalling the OS won’t solve the problem.
This is the case with BIOS and UEFI firmware, which, once affected, can’t be repaired by an OS reinstall.
All versions of Windows are affected
It’s worth mentioning that over 40 drivers were affected, and the issue applies to all versions of Windows, not just Windows 10.
Microsoft is strongly advising its customers to use Windows Defender Application Control to block unknown software and to turn on memory integrity for capable devices in Windows Security.
Here’s the full list of affected vendors:
Some of them have already deployed fixes, but others are still under embargo.
To keep your system safe, be sure to regularly scan for outdated drivers and install the latest driver fixes from the aforementioned manufacturers.
To help you, we’ve prepared a guide on how to update outdated drivers, so be sure to check it out.
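As an added example (not part of the original article, and not code from Microsoft or Eclypsium), the read-only PowerShell audit below reports whether memory integrity is running and inventories the running third-party kernel drivers so their versions can be compared against vendor advisories. It assumes Windows 10 or later with Windows PowerShell 5.1 in an elevated prompt; the output column names are illustrative.

```powershell
# Added example: read-only audit, makes no changes to the system.

# 1) Memory integrity (HVCI) and code-integrity policy state.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard
[pscustomobject]@{
    # SecurityServicesRunning contains 2 when memory integrity (HVCI) is active
    MemoryIntegrityRunning = $dg.SecurityServicesRunning -contains 2
    # 0 = off, 1 = enabled but not running, 2 = running
    VbsStatus              = $dg.VirtualizationBasedSecurityStatus
    # 0 = off, 1 = audit, 2 = enforced (a WDAC policy is in effect)
    CodeIntegrityPolicy    = $dg.CodeIntegrityPolicyEnforcementStatus
} | Format-List

# 2) Inventory of running kernel drivers with vendor, version and signature.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver -Filter "State='Running'" |
    ForEach-Object {
        # Some services store the image path with an NT-style \??\ prefix
        $path = $_.PathName -replace '^\\\?\?\\', ''
        if (-not $path -or -not (Test-Path -LiteralPath $path)) { return }

        $file = Get-Item -LiteralPath $path
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        [pscustomobject]@{
            Name      = $_.Name
            Vendor    = $file.VersionInfo.CompanyName
            Version   = $file.VersionInfo.FileVersion
            Modified  = $file.LastWriteTime.ToString('yyyy-MM-dd')
            Signature = $sig.Status
            Path      = $path
        }
    }

# Certified third-party drivers carry a Microsoft-issued signature, so filter
# on the vendor recorded in the file's version resource, not on the signer.
$drivers |
    Where-Object { $_.Vendor -notmatch 'Microsoft' } |
    Sort-Object Vendor, Name |
    Format-Table -AutoSize
```

Drivers with an old `Modified` date from an affected vendor are the ones to check first against that vendor's published fix.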
Vlad Turiceanu
Windows Editor
Passionate about technology, Windows, and everything that has a power button, he spent most of his time developing new skills and learning more about the tech world.
Coming from a solid background in PC building and software development, with a complete expertise in touch-based devices, he is constantly keeping an eye out for the latest and greatest!