At the DEF CON event in Las Vegas, security researchers from Eclypsium disclosed that over 40 Windows drivers contain vulnerabilities that can result in escalation of privilege. The list of affected companies includes ASRock, ASUS, Biostar, EVGA, Gigabyte, Huawei, Intel, MSI, NVIDIA, Phoenix Technologies, Realtek, SuperMicro, and Toshiba.
Eclypsium also highlights that all of these drivers have been certified by Microsoft:
"Our analysis found that the problem of insecure drivers is widespread, affecting more than 40 drivers from at least 20 different vendors – including every major BIOS vendor, as well as hardware vendors like ASUS, Toshiba, NVIDIA, and Huawei. However, the widespread nature of these vulnerabilities highlights a more fundamental issue – all the vulnerable drivers we discovered have been certified by Microsoft. Since the presence of a vulnerable driver on a device can provide a user (or attacker) with improperly elevated privileges, we have engaged Microsoft to support solutions to better protect against this class of vulnerabilities, such as blacklisting known bad drivers."
Malicious software already running on a machine could use these vulnerabilities to gain kernel privileges. This means an attacker first needs to find a different vector to gain access to your system. Microsoft will be taking measures to block blacklisted drivers that are reported to it.