Eclypsium, an Oregon security company, claims that drivers on Microsoft’s Windows platform are a security mess. Who could have guessed? Their researchers found serious flaws in more than 40 drivers from at least 20 different hardware vendors. Apparently every single one of these vulnerabilities allows the driver to hand over “access to the hardware resources, such as read and write access to processor and chipset I/O space, Model Specific Registers (MSR), Control Registers (CR), Debug Registers (DR), physical memory and kernel virtual memory. This is a privilege escalation as it can move an attacker from user mode (Ring 3) to OS kernel mode (Ring 0).” Basically, complete control of the impacted machine. Not only that, these potentially allow malware to compromise your UEFI and persist across an operating system re-installation. They also add that not only do these drivers provide the necessary access, they also provide the mechanism to make changes. Scary stuff.
What’s perhaps most interesting is that every driver they tested was signed by a Certificate Authority and had Microsoft’s stamp of approval on it. Tie that to the fact that you can no longer block updates on Home versions of Windows 10, and you’ve got one heck of a potentially serious problem. In other words, these problematic drivers are almost certainly installed on potentially millions of PCs. If you were thinking that you can just stick with Windows 7 to be safe from these vulnerabilities, sadly, all modern versions of Windows are impacted. You can block updates on Windows 7; however, that’s likely not a solution, since there is a good chance you’re already running problematic drivers. You may also receive a patch later on older versions of Windows, as the newest version is prioritized.
[Image: How Windows Administrators feel about this issue]
Issues were found in the code from every single major BIOS vendor, meaning your chances of avoiding these flaws are pretty dang low. It isn’t only BIOSes that have issues, though; they also found problems with drivers from the following companies:
- ASUSTeK Computer
- ATI Technologies (AMD)
- Micro-Star International (MSI)
- Phoenix Technologies
- Realtek Semiconductor
[Image: Apple Users Today]
This list is not exhaustive, and they say other firms are still under embargo at this point. That’s quite a few companies, and what this author finds concerning is that the UK has for years been saying that Huawei isn’t spying on the UK, but rather that they just have poorly written, insecure code. While I’m not a security expert, this would suggest that these problems exist for more companies than just Huawei, and perhaps we need to re-examine security across the entire ecosystem. These vulnerabilities seem to demonstrate a complete failure of everyone involved in the PC world. Keep an eye out for BIOS/UEFI and driver updates over the next few months as your gear hopefully gets patched.
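If you want to know which of the named vendors’ drivers are actually on a given machine before those updates arrive, the PowerShell below (an added example, not something from the post or from Eclypsium) inventories installed PnP drivers by vendor name and shows who signed each one. The vendor regex is constructed from the list above and is an assumption about how those vendors name themselves in driver metadata.

```powershell
# Added example, not from the original post: list installed PnP drivers whose
# manufacturer or provider matches a vendor named in the post, with signer details.
# A match only tells you which of these vendors' drivers are present and at what
# version; it does not by itself prove that a given driver is one of the affected ones.
function Get-VendorDriverInventory {
    param(
        # Regex of vendor names, constructed from the list in the post (assumed spellings).
        [string]$VendorPattern = 'ASUS|ATI Technologies|Advanced Micro Devices|Micro-Star|\bMSI\b|Phoenix|Realtek'
    )

    Get-CimInstance -ClassName Win32_PnPSignedDriver |
        Where-Object {
            $_.Manufacturer -match $VendorPattern -or
            $_.DriverProviderName -match $VendorPattern
        } |
        Select-Object DeviceName, Manufacturer, DriverProviderName,
                      DriverVersion, DriverDate, InfName, IsSigned, Signer |
        Sort-Object Manufacturer, DeviceName
}

# Show the inventory. Note the Signer column: the post's point is that the affected
# drivers were all signed and Microsoft-approved, so a valid signature alone is not
# evidence that a driver is safe. What matters is the version the vendor later fixes.
Get-VendorDriverInventory | Format-Table -AutoSize -Wrap

# Keep a snapshot so the DriverVersion/DriverDate can be diffed after vendor updates ship.
Get-VendorDriverInventory |
    Export-Csv -Path "$env:TEMP\driver-inventory.csv" -NoTypeInformation
```

Run it in an elevated PowerShell session; Win32_PnPSignedDriver only covers drivers bound to a present device, so a driver package that is installed but not currently loaded for any hardware will not appear.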
Update: tweaked title to more accurately represent the situation.