De gekke striplezer
Posted August 14, 2019

Drivers that Microsoft has approved for use with Windows are, in quite a few cases, not safe after all. Flaws were found in more than 40 drivers from at least 20 different hardware companies. Those drivers were submitted to MS by those companies, and MS said after checking them that they were safe. There is “access to the hardware resources, such as read and write access to processor and chipset I/O space, Model Specific Registers (MSR), Control Registers (CR), Debug Registers (DR), physical memory and kernel virtual memory. This is a privilege escalation as it can move an attacker from user mode (Ring 3) to OS kernel mode (Ring 0).” Because of the flaws even the UEFI can be compromised, even after reinstalling the OS. Every tested driver was signed by a Certificate Authority and had Microsoft's approval.

That must be just about the worst security scandal since those security problems with Intel and AMD microprocessors of two or three years ago.

Source: https://techreport.com/news/3464493/signed-windows-drivers-apparently-shouldnt-be/

Eclypsium, an Oregon security company, claims that drivers on Microsoft’s Windows platform are a security mess. Who could have guessed? Their researchers found serious flaws in more than 40 drivers from at least 20 different hardware vendors.

Apparently every single one of these vulnerabilities allows the driver to hand over “access to the hardware resources, such as read and write access to processor and chipset I/O space, Model Specific Registers (MSR), Control Registers (CR), Debug Registers (DR), physical memory and kernel virtual memory. This is a privilege escalation as it can move an attacker from user mode (Ring 3) to OS kernel mode (Ring 0).” Basically, complete control of the impacted machine. Not only that, these potentially allow malware to compromise your UEFI and persist across an operating system re-installation.

They also add that not only do these drivers provide the necessary access, they also provide the mechanism to make changes. Scary stuff.

What’s perhaps most interesting is that every driver they tested was signed by a Certificate Authority and had Microsoft’s stamp of approval on them. Tie that to the fact that you can no longer block updates on Home versions of Windows 10, and you’ve got one heck of a potentially serious problem. In other words, these impacted problematic drivers are almost certainly going to be installed on possibly millions of PCs.

If you were thinking that you can just stick with Windows 7 to be safe from these vulnerabilities, sadly, all modern versions of Windows are impacted. You can block updates on Windows 7; however, that’s likely not a solution since there is a good chance you’re already running problematic drivers. You may also be later to receive a patch for older versions of Windows as the newest version is prioritized.

[Image: How Windows Administrators feel about this issue]

Which Drivers?

Issues were found in the code from every single major BIOS vendor, meaning your chances of avoiding these flaws are pretty dang low. Not only BIOS’ have issues though, they found problems with the following companies' drivers:

ASRock
ASUSTeK Computer
ATI Technologies (AMD)
Biostar
EVGA
Getac
GIGABYTE
Huawei
Insyde
Intel
Micro-Star International (MSI)
NVIDIA
Phoenix Technologies
Realtek Semiconductor
SuperMicro
Toshiba

This list is not exhaustive, and they say other firms are still under embargo at this point. That’s quite a few companies, and what this author finds concerning is that the UK has for years been saying that Huawei isn’t spying on the UK, instead they just have poorly written insecure code. While I’m not a security expert, this would suggest that these problems exist for more companies than just Huawei, and perhaps we need to re-examine security across the entire ecosystem.

These vulnerabilities seem to demonstrate a complete failure of everyone involved in the PC world. Keep an eye out for BIOS/UEFI and driver updates over the next few months as your gear hopefully gets patched.

Sweatshopking

--------------------------
Nothing stands in the way!