Endpoint/Device Security, Vulnerability Management

Potentially exploitable kernel drivers emerge

Threat actors could leverage 34 newly identified vulnerable Windows Driver Model (WDM) and Windows Driver Framework (WDF) drivers to facilitate system process manipulation, persistence, and total device takeovers without being detected by security software, according to SecurityWeek. Exploitation of the vulnerable drivers, some of which are from leading chip, PC, and BIOS manufacturers, is possible without system privileges, a report from VMware Carbon Black's Threat Analysis Unit revealed. "By exploiting the vulnerable drivers, an attacker without the system privilege may erase/alter firmware, and/or elevate privileges," said researchers. While all developers of the flawed WDM and WDF drivers have been informed of the security issue, only Advanced Micro Devices and Phoenix Technologies have addressed the vulnerability. Aside from issuing proof-of-concept exploits for a number of the identified drivers, VMware has also unveiled an IDAPython script, which enabled the automated discovery of problematic drivers.
