Microsoft Windows Drivers Found To Be Susceptible to Device Takeovers
VMware Carbon Black researchers have warned of alternations to firmware and system privileges.
- Researchers have identified 34 new vulnerable Windows drivers that could allow threat actors to manipulate system processes and even completely take over devices without detection by security software.
- The research specifically focused on the automation of the processes of identifying vulnerable drivers through port and memory-mapped I/O.
Security researchers at VMware Carbon Black have identified a large number of Windows Driver Frameworks (WDF) and Windows Driver Model (WDM) drivers that are vulnerable to threat actors that could leverage these drivers to execute code on the system and escalate their privileges on the system, without being detected by security software solutions.
The discovery comes from research built on studies such as POPKORN and ScrewedDrivers, primarily used at VMware Carbon Black to automate the identification of susceptible drivers that allowed access through memory-mapped and port I/O.
According to the research, out of 34 vulnerable drivers, 12 could be manipulated to affect mechanisms such as kernel address space layout randomization (KASLR). At the same time, six could grant access to kernel memory, allowing the elevation of privileges and circumventing conventional security solutions. In addition, seven of these drivers could be used to alter or delete firmware from flash memories, essentially making the device unusable.
Similar vulnerabilities have been exploited by groups such as the North Korea-backed Lazarus Group, which gained higher system privileges, disabling the security software of targets and operating compromised devices to avoid detection.
See More: Researchers Discover Prolific Puma’s Hidden Link Shortening Operations
Microsoft Announces New Cybersecurity Initiative
Even as Microsoft continues to grapple with serious security incidences, the tech giant has announced a new initiative aimed at countering cybercriminals and other nation-state actors. The project, known as the Secure Future Initiative, will rely extensively on artificial intelligence and automation to minimize cybersecurity risks.
The project is expected to change how the company designs, builds, tests, and implements its software products and services. It is touted as the most notable effort since the Security Development Lifecycle launched in 2004.
The project will largely focus on cloud services, minimizing the time it takes to eliminate vulnerabilities and improving its infrastructure to minimize the chances of encryption keys reaching unauthorized users.
The move gains importance as it comes soon after a major security breach that targeted its Azure platform, raising accusations of negligence against the company.
Do you think Microsoft is doing enough to improve cybersecurity? Let us know your thoughts on LinkedIn, X (Twitter), or Facebook. We’d love to hear from you!
Image source: Shutterstock
LATEST NEWS STORIES
