The extent of the risk posed by outdated and poor-quality drivers for your devices
It's well known that outdated drivers pose a security risk to your Windows device. Every update brings new security patches and updates, closing potential entry points for hackers. However, poorly programmed new driver code is also a serious source of danger, and unfortunately, it's widespread.
Even major manufacturers are affected
At DEF CON, the world's largest hacking and computer security event, security firm Eclypsium demonstrated how underestimated and yet widespread the danger of vulnerable driver code is, even for new Windows devices. According to their presentation, they found dangerous vulnerabilities in over 40 drivers from more than 20 manufacturers – including big names such as ASRock, ASUS, Biostar, Intel, Toshiba, NVIDIA, and Huawei:
https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/
Malicious code with full privileges
What's critical and new about these vulnerabilities is that attacks carried out through these driver security holes are incomparably more effective and dangerous than normal hacker attacks, as they can easily reach the core of the operating system. In this way, attackers can gain Ring-0 or kernel privileges on a system and even embed malicious code in the BIOS. They then have more privileges and capabilities than any Windows system administrator. Security software is then helpless. Even formatting the hard drive, reinstalling the operating system, or even replacing the hard drive will be ineffective.
Simply updating faulty drivers is not enough
For this to happen, another condition must be met in addition to the vulnerable driver (and there are currently enough of those in an average Windows system). Malicious code must be present on the computer – although it is completely sufficient if it only has simple "user rights." It is only through the driver vulnerability that "malicious code with limited capabilities" becomes this dangerous and almost invincible weapon, which de facto renders your entire hardware unusable.
Updating outdated drivers: What you can do
The exact vulnerabilities of their drivers are now known to the manufacturers. The affected drivers often involved the same programming error, which will be automatically fixed with the next driver update or installation.
So, if you use a driver from one of the following companies, be sure to click the upcoming update(s) for your device to avoid problems.
- ASRock
- ASUSTeK Computer
- ATI Technologies (AMD)
- Biostar
- EVGA
- Getac
- GIGABYTE
- Huawei
- Insyde
- Intel
- Micro-Star International (MSI)
- NVIDIA
- Phoenix Technologies
- Realtek Semiconductor
- SuperMicro
- Toshiba
In addition, there are other manufacturers and companies that have similarly vulnerable drivers for Windows devices on the market or installed in many systems. However, these have not yet been named by Eclypsium. These are presumably companies whose drivers are used in sensitive areas – and hackers should not be further encouraged.
As a Windows user, it is generally worthwhile to update all drivers in the coming weeks. Search for the appropriate update for your device. While you're at it, check in an update manager or another tool whether a Windows Update or an update for your operating system is also pending – and execute that as well to avoid problems.
The SecuPerts Driver Updater provides information and help
If you use the SecuPerts Driver Updater, you should use it to check the currency of your drivers. This is just one click, and you save yourself the daily research on manufacturers' websites.
And you can be sure: if a driver is new and the security vulnerabilities have been closed by the manufacturer, you'll be among the first to know – and automatically perform the update or updates for Windows with just a few clicks. Without having to do anything manually, the necessary drivers are downloaded directly to your computer – including the update. You don't have to select anything, click any function, search for anything in Device Manager, read any instructions, install any hardware, update any programs/software yourself, or perform any installation of updates for your device yourself. The Driver Updater handles the driver update completely automatically.
