
Microsoft-approved drivers unsafe AFTER ALL



Drivers that Microsoft has approved for use with Windows are in quite a few cases not safe after all.

 

Flaws were found in more than 40 drivers from at least 20 different hardware companies.

 

Those drivers were submitted to MS by those companies, and after checking them MS said they were safe.

 

There is “access to the hardware resources, such as read and write access to processor and chipset I/O space, Model Specific Registers (MSR), Control Registers (CR), Debug Registers (DR), physical memory and kernel virtual memory. This is a privilege escalation as it can move an attacker from user mode (Ring 3) to OS kernel mode (Ring 0).”

 

Because of the flaws, even the UEFI can be compromised, even after reinstalling the OS.

 

Every driver tested was signed by a Certificate Authority and had Microsoft's approval.

 

That must be just about the worst security scandal since those security problems with Intel and AMD microprocessors of two or three years ago.

 

 

source: https://techreport.com/news/3464493/signed-windows-drivers-apparently-shouldnt-be/

 

Eclypsium, an Oregon security company, claims that drivers on Microsoft’s Windows platform are a security mess. Who could have guessed? Their researchers found serious flaws in more than 40 drivers from at least 20 different hardware vendors. Apparently every single one of these vulnerabilities allows the driver to hand over “access to the hardware resources, such as read and write access to processor and chipset I/O space, Model Specific Registers (MSR), Control Registers (CR), Debug Registers (DR), physical memory and kernel virtual memory. This is a privilege escalation as it can move an attacker from user mode (Ring 3) to OS kernel mode (Ring 0).” Basically, complete control of the impacted machine. Not only that, these potentially allow malware to compromise your UEFI and persist across an operating system re-installation. They also add that not only do these drivers provide the necessary access, they also provide the mechanism to make changes. Scary stuff.

What’s perhaps most interesting is that every driver they tested was signed by a Certificate Authority and had Microsoft’s stamp of approval on them. Tie that to the fact that you can no longer block updates on Home versions of Windows 10, and you’ve got one heck of a potentially serious problem. In other words, these impacted problematic drivers are almost certainly going to be installed on possibly millions of PCs. If you were thinking that you can just stick with Windows 7 to be safe from these vulnerabilities, sadly, all modern versions of Windows are impacted. You can block updates on Windows 7, however, that’s likely not a solution since there is a good chance you’re already running problematic drivers. You may also be later to receive a patch for older versions of Windows as the newest version is prioritized.

Which Drivers?

Issues were found in the code from every single major BIOS vendor, meaning your chances of avoiding these flaws are pretty dang low. Not only BIOS’ have issues though, they found problems with the following companies' drivers:

    ASRock
    ASUSTeK Computer
    ATI Technologies (AMD)
    Biostar
    EVGA
    Getac
    GIGABYTE
    Huawei
    Insyde
    Intel
    Micro-Star International (MSI)
    NVIDIA
    Phoenix Technologies
    Realtek Semiconductor
    SuperMicro
    Toshiba


This list is not exhaustive, and they say other firms are still under embargo at this point. That’s quite a few companies, and what this author finds concerning is that the UK has for years been saying that Huawei isn’t spying on the UK, instead they just have poorly written insecure code. While I’m not a security expert, this would suggest that these problems exist for more companies than just Huawei, and perhaps we need to re-examine security across the entire ecosystem. These vulnerabilities seem to demonstrate a complete failure of everyone involved in the PC world. Keep an eye out for BIOS/UEFI and driver updates over the next few months as your gear hopefully gets patched.

Sweatshopking

--------------------------

Nothing stands in the way! :cheerf2:

Link to comment

That's not entirely right.

That MS certificate for those drivers is not a certificate of quality but a certificate of origin.

It only serves to show that when you install a driver from ASUS, it is from ASUS and not from something posing as ASUS.

But MS does not check for bugs, nor for security.

 

On the other hand, you are right that it should not have been allowed for those drivers to be unsafe.

Windows 10 has existed since 2015, and there are still security updates.

It is a typical failing of IT to bring products to market with bugs and defects. We accept that far too easily. That IT gets away with it is really unbelievable.

Link to comment
