Eclypsium specialists warn of a vulnerability in the Intel driver, which is widely used in many systems. Using this gap, hackers can penetrate deep into the attacked device.
In August, Eclypsium researchers identified serious vulnerabilities in more than 40 device drivers from 20 suppliers, including AMI, ASRock, ASUS, ATI, Biostar, EVGA, Getac, Gigabyte, Huawei, Insyde, Intel, MSI, NVIDIA, Phoenix Technologies, Realtek, SuperMicro and Toshiba. The most widespread vulnerability was a bug in the Intel driver.We have discovered additional vulnerable drivers that are some of the most feature-rich we have seen to date, and which directly affect Intel-based devices”, — report Eclypsium specialists.
Exploiting a vulnerability affecting Intel’s powerful and widely used PMx driver could provide attackers with almost full access to the device. The problem is that the PMx driver can read and write to physical memory, simulate certain registries, manage them, IDT and GDT, and debug the registries. The driver can also access I/O and PCI.
This access level can provide an attacker with almost complete control over the victim’s device. And also to avoid detection using traditional security measures”, — the researchers note.
Ironically, Intel provides the driver as part of a tool provided to OEMs and their customers as part of the Flash Programming Tool for updating BIOS devices, as well as a set of tools to address a number of vulnerabilities related to Intel technology.
Read also: Some Intel processors are vulnerable to the new version of the Zombieload problem
These drivers are valid tools released by vendors to help manage or update devices, and as such were properly signed and would be trusted on almost any machine. Worse still, there is no universal mechanism to prevent a Microsoft OS from loading one of these bad drivers.
How to protect your device from a potential attack?
According to experts, the best way to prevent attacks is to block or blacklist vulnerable drivers. For example, Insyde (one of the companies whose drivers were recognized as vulnerable) contacted Microsoft and asked to block vulnerable versions of drivers through Windows Defender. According to Eclypsium, Insyde is the only supplier to take such action.
