Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Bug Security Microsoft Windows

Researchers Find More Than 40 Vulnerable Windows Device Drivers (eclypsium.com) 16

Artem S. Tashkinov writes: Researchers from security company Eclypsium have discovered that more than forty drivers from at least twenty different vendors -- including every major BIOS vendor, as well as hardware vendors like ASUS, Toshiba, NVIDIA, and Huawei -- include critical vulnerabilities allowing an escalation of privileges to full system level access.

Considering how widespread these drivers are, and the fact that they are digitally signed by Microsoft, they allow an attacker to more successfully penetrate target systems and networks, as well as remain hidden. Also while some of these drivers "are designed to update firmware, the driver is providing not only the necessary privileges, but also the mechanism to make changes" which means the attacker can gain a permanent foothold. Eclypsium has already notified Microsoft about the issues and at least NVIDIA has already released fixed drivers.

This discussion has been archived. No new comments can be posted.

Researchers Find More Than 40 Vulnerable Windows Device Drivers

Comments Filter:
  • That's all?
    • Re:More than 40? (Score:4, Informative)

      by UltraZelda64 ( 2309504 ) on Sunday August 11, 2019 @03:41PM (#59077128)

      No one's counting out 140. Or even 1,040. All we know is that the number is "more than 40." That doesn't exactly say much.

    • Re:More than 40? (Score:4, Insightful)

      by Cipheron ( 4934805 ) on Sunday August 11, 2019 @07:15PM (#59077620)

      This one group *found* new vulnerabilities in 40+ drivers. That's very different to saying that only those 40 drivers have any vulnerabilities.

      Personally, I have discovered zero vulnerabilities in any drivers, but I wouldn't conclude from that that all drivers are vulnerability free, because I'm just one guy and I'm not exactly looking for them. From just the summary we don't know how big the group is, how long they looked, or how many total drivers they looked at.

  • ...and provide fixes.

  • NVIDIA (Score:5, Insightful)

    by jmccue ( 834797 ) on Sunday August 11, 2019 @04:42PM (#59077246) Homepage
    Nice, they are on the list, probably means their driver for Linux is also a POS. Closed source as it's best
  • by blahplusplus ( 757119 ) on Sunday August 11, 2019 @05:59PM (#59077444)

    ... making drivers and device apps require login in order to function or send spying data back to companies might cause security risks. We really need some laws against privacy invading software in the OS and drivers.

    This software as a service bullshit has gotten way out of hand. This idea we don't own what we buy because of bs IP laws bribed into being by large software corporations before the internet was a thing need to go.

  • by LordWabbit2 ( 2440804 ) on Sunday August 11, 2019 @07:16PM (#59077622)
    A lot of the reporting I am seeing in mainstream media is blaming Windows 10, glad to see Slashdot got it right and is blaming the third party vendors who wrote shit drivers.
  • by toonces33 ( 841696 ) on Sunday August 11, 2019 @08:03PM (#59077742)

    More updates. Something else to look forward to.

    • Yep, BIOS? UEFI? I wonder if this will be a forced update. Do they call it "UEFI" when it does something wonderful and "BIOS" when it blows moose? Oh well, it's just a driver, what could possibly go wrong?
  • windows' weak spot (Score:5, Insightful)

    by sad_ ( 7868 ) on Monday August 12, 2019 @04:45AM (#59078354) Homepage

    is this a surprise to anybody?
    windows drivers have always been the weak spot of the windows system, causing many bsod.
    if the drivers are already so bad stability wise, why would you think their security design would be any better?

  • Designed by the hardware manufacturer to give the best performance possible

    Security is not a design requirement, so it does not matter ...

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...