Obsolete drivers: malicious code with more rights than the admin

The risk of outdated and poor-quality drivers is very high.

It is well known that outdated drivers pose a security risk, because each update also delivers new security patches and closes possible entry points for hackers. But poorly programmed driver code is also a serious source of danger, and it is unfortunately widespread.

Major manufacturers are also affected

At DEF CON, the world’s largest hacking and computer security event, security firm Eclypsium showed how underestimated and widespread the threat of vulnerable driver code is. According to Eclypsium, its researchers found dangerous vulnerabilities in over 40 drivers from over 20 vendors, including big names like ASRock, ASUS, Biostar, Intel, Toshiba, NVIDIA, and Huawei:

https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/

https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf

Malicious code with all rights

The fatal thing about these vulnerabilities: attacks that use such a driver vulnerability are incomparably more effective and dangerous than normal hacker attacks, because they can easily reach the core of the operating system. In this way, attackers can obtain ring-0 (kernel) rights on a system and even anchor the malicious code in the BIOS. This gives them more rights and options than any system administrator. Security software then has no chance. Even formatting the hard disk, reinstalling the operating system or replacing the hard disks is then ineffective.

Faulty drivers alone are not sufficient

For this to happen, another condition must be met in addition to the vulnerable driver (and there are currently plenty of those in an average Windows system): there must be malicious code on the computer. It is sufficient if this code has only simple “user rights”. Only through the weak point in the driver does this “malicious code with limited possibilities” become a dangerous and almost invincible weapon, which de facto makes all your hardware unusable.

Obsolete Drivers: What You Can Do

The exact weaknesses of their drivers are now known to the manufacturers. The affected drivers often share the same programming error, which will be fixed with the next driver update.

If you are using a driver from one of the following companies, do not miss the upcoming updates.

  • ASRock
  • ASUSTeK Computer
  • ATI Technologies (AMD)
  • Biostar
  • EVGA
  • Getac
  • GIGABYTE
  • Huawei
  • Insyde
  • Intel
  • Micro-Star International (MSI)
  • NVIDIA
  • Phoenix Technologies
  • Realtek Semiconductor
  • SuperMicro
  • Toshiba

In addition, there are other manufacturers and companies that have similarly vulnerable drivers on the market, or installed in many Windows systems. Eclypsium has not yet named them. These are presumably companies whose drivers are used in sensitive areas, and hackers should not be given additional encouragement.

However, as a Windows user it is generally worthwhile to update all drivers in the coming weeks.
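To see which installed drivers come from the vendors listed above and how old they are, the following PowerShell can be run on the machine. It is an added example, not part of the original article or any vendor tool; the function name `Get-ListedVendorDriver` is hypothetical and the vendor name patterns are assumptions derived from the list, since provider strings differ between driver packages.

```powershell
# Added example: inventory installed drivers from the vendors listed in the article.
# The patterns below are assumptions; adjust them to the provider names on your system.
$VendorPattern = '\b(ASRock|ASUS|ASUSTeK|ATI|AMD|Advanced Micro Devices|Biostar|EVGA|' +
                 'Getac|GIGABYTE|Giga-Byte|Huawei|Insyde|Intel|Micro-Star|MSI|NVIDIA|' +
                 'Phoenix|Realtek|Super ?Micro|Toshiba)\b'

function Get-ListedVendorDriver {
    param(
        # Driver records to inspect; defaults to the drivers installed on this machine.
        [object[]]$Driver = (Get-CimInstance -ClassName Win32_PnPSignedDriver)
    )

    $Driver |
        # Match on provider or manufacturer (-match is case-insensitive).
        Where-Object { "$($_.DriverProviderName) $($_.Manufacturer)" -match $VendorPattern } |
        # One driver package often serves several devices; report each package once.
        Group-Object -Property InfName, DriverVersion |
        ForEach-Object {
            $d = $_.Group[0]
            [pscustomobject]@{
                Provider = $d.DriverProviderName
                Device   = $d.DeviceName
                Version  = $d.DriverVersion
                Date     = $d.DriverDate
                AgeDays  = if ($d.DriverDate) {
                               [int]((Get-Date) - $d.DriverDate).TotalDays
                           } else { $null }
                Inf      = $d.InfName
                Signed   = $d.IsSigned
                Devices  = $_.Count
            }
        } |
        # Oldest packages first: these are the first candidates for an update check.
        Sort-Object -Property Date
}

Get-ListedVendorDriver | Format-Table -AutoSize
```

A match only means the driver comes from a listed vendor, not that this particular driver is vulnerable; use the output as a checklist when looking for vendor updates.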

The SecuPerts Driver Updater provides information and helps

If you are using the SecuPerts Driver Updater, you should use it in the coming weeks to regularly check that your drivers are up to date. This takes just one click and saves you the daily research on the manufacturer’s website. And you can be sure: as soon as there are new drivers and the security gaps are closed, you will be one of the first to know, and you can do the update with just a few clicks.