Researchers at Eclypsium have found serious issues in more than 40 drivers from every major BIOS vendor. The findings were disclosed on August 10th, and the vulnerabilities were given the name ‘Screwed Drivers’, quite a departure from the usual names given to security flaws these days.

These severe vulnerabilities were found in drivers from vendors such as Asus, Toshiba, NVIDIA, Intel and AMD. What makes it worse is that all of these insecure drivers were signed by valid certificate authorities and were also certified by Microsoft. The vulnerable drivers can be installed on all versions of Windows, and there is currently no mechanism that keeps a Windows machine from loading one of them.

Some features specific to Windows Pro, Windows Enterprise and Windows Server offer protection to their users, but only if admins decide to enable those features; they are disabled by default, so the vulnerable drivers can be loaded regardless. All of these vulnerabilities allow the drivers to act as a proxy that provides highly privileged access to hardware resources. This lets an attacker escalate privileges from user mode to OS kernel mode.


Here’s what Eclypsium had to add:

“Vulnerable or outdated system and component firmware is a common problem and a high-value target for attackers, who can use it to launch other attacks, completely brick systems, or remain on a device for years gathering data, even after the device is wiped. To make matters worse, in this case, the very drivers and tools that would be used to update the firmware are themselves vulnerable and provide a potential avenue for attack.”

Here is a partial list of vendors identified by Eclypsium:

  • ASRock
  • ASUSTeK Computer
  • ATI Technologies (AMD)
  • Biostar
  • EVGA
  • Getac
  • GIGABYTE
  • Huawei
  • Insyde
  • Intel
  • Micro-Star International (MSI)
  • NVIDIA
  • Phoenix Technologies
  • Realtek Semiconductor
  • SuperMicro
  • Toshiba

There are a few more companies whose names haven’t been revealed because they’re still under “embargo due to their work in highly regulated environments and will take longer to have a fix certified and ready to deploy to customers.” More information can be found in the Eclypsium presentation on its website. The general consensus on how to counter these vulnerabilities is this: be careful when installing driver updates, and regularly scan systems for potential malware.
