Serious vulnerabilities in NVIDIA, AMD and Intel Drivers


Researchers at Eclypsium have found serious issues in more than 40 drivers from every major BIOS vendor. The findings were revealed on August 10th, and the vulnerabilities were given the name ‘Screwed Drivers’, a departure from the usual names given to security flaws nowadays.

These severe vulnerabilities were found in drivers from vendors such as Asus, Toshiba, NVIDIA, Intel and AMD. What makes it worse is that all of these insecure drivers were signed by valid certificate authorities and were also certified by Microsoft. The vulnerable drivers can be installed on all versions of Microsoft Windows, and there is currently no mechanism to keep a Windows machine from loading one of these bad drivers.

Some features specific to Windows Pro, Windows Enterprise and Windows Server offer protection, but only if admins decide to enable them. They are disabled by default, so the vulnerable drivers can be loaded anyway. All of these vulnerabilities allow the driver to act as a proxy that provides highly privileged access to hardware resources. This lets an attacker escalate privileges from user mode to OS kernel mode.

Here’s what Eclypsium had to add:

“Vulnerable or outdated system and component firmware is a common problem and a high-value target for attackers, who can use it to launch other attacks, completely brick systems, or remain on a device for years gathering data, even after the device is wiped. To make matters worse, in this case, the very drivers and tools that would be used to update the firmware are themselves vulnerable and provide a potential avenue for attack.”

Here is a partial list of vendors identified by Eclypsium:

  • ASRock
  • ASUSTeK Computer
  • ATI Technologies (AMD)
  • Biostar
  • EVGA
  • Getac
  • Huawei
  • Insyde
  • Intel
  • Micro-Star International (MSI)
  • Phoenix Technologies
  • Realtek Semiconductor
  • SuperMicro
  • Toshiba

There are a few more companies whose names have not been revealed because they are still under “embargo due to their work in highly regulated environments and will take longer to have a fix certified and ready to deploy to customers.” More information can be found in the Eclypsium presentation on the website. The general consensus on how to deal with these vulnerabilities is this: be careful when installing driver updates, and regularly scan systems for potential malware.
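
As a starting point for that kind of review, the PowerShell below inventories the kernel drivers installed on a Windows machine and lists those whose publisher matches a vendor named in this article. It is an added example, not code from Eclypsium or any vendor; the match patterns are constructed from the names above (with "Advanced Micro Devices" and "Supermicro" added as assumed spellings), and a match only means the driver deserves a closer look, not that it is vulnerable.

```powershell
# Added example: list installed kernel drivers published by vendors named in the article.
# Patterns are built from the article's vendor names; tune them for your environment.
$vendors = 'ASRock', 'ASUSTeK', 'ATI Technologies', 'Advanced Micro Devices',
           'Biostar', 'EVGA', 'Getac', 'Huawei', 'Insyde', 'Intel', 'Micro-Star',
           'NVIDIA', 'Phoenix Technologies', 'Realtek', 'Super Micro', 'Supermicro',
           'Toshiba'
$pattern = ($vendors | ForEach-Object { [regex]::Escape($_) }) -join '|'

Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName } |
    ForEach-Object {
        # PathName can be quoted or carry the NT "\??\" prefix; normalise it first.
        $path = $_.PathName.Trim('"') -replace '^\\\?\?\\', ''
        if (-not (Test-Path -LiteralPath $path)) { return }

        $sig     = Get-AuthenticodeSignature -LiteralPath $path
        $signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        # Drivers certified by Microsoft may carry a Microsoft signer, so the
        # file's version resource is checked as well as the certificate subject.
        $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName

        if ("$signer $company" -match $pattern) {
            [pscustomobject]@{
                Name            = $_.Name
                State           = $_.State        # Running or Stopped
                Company         = $company
                SignatureStatus = $sig.Status
                Signer          = $signer
                Path            = $path
            }
        }
    } |
    Sort-Object Company, Name |
    Format-List
```

Drivers that show up as Stopped and belong to a firmware update or hardware utility that is no longer needed are the first candidates for removal.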
