11
Signed, Certified, But Still Vulnerable – Flaws Discovered in 40 Kernel Drivers from 20 Different Vendors

Signed, Certified, But Still Vulnerable – Flaws Discovered in 40 Kernel Drivers from 20 Different Vendors

5 years ago
Anonymous $ZuTig1gZkQ

https://wccftech.com/signed-certified-vulnerable-flaws-discovered-in-40-kernel-drivers/

At the DEF CON 27 security conference in Las Vegas, security researchers from around the world shared some of the most damning exploits in the industry. One such report came from Eclypsium researchers revealing design flaws in more than 40 kernel drivers from 20 different vendors potentially affecting millions of Windows users.

“Drivers that provide access to system BIOS or system components for the purposes of updating firmware, running diagnostics, or customizing options on the component can allow attackers to turn the very tools used to manage a system into powerful threats that can escalate privileges and persist invisibly on the host,” the researchers wrote. They added that “the problem of insecure drivers is widespread” as it at least affects over 40 drivers from different vendors.