Windows 10 News and info | Forum
August 24, 2019, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: 'Screwed Drivers' Report Finds Intel, AMD and Nvidia Vulnerabilities  (Read 87 times)
javajolt
Administrator
Hero Member
*****
Online Online

Gender: Male
United States United States

Posts: 30369


I Do Windows


WWW Email
« on: August 13, 2019, 11:29:02 AM »
ReplyReply

Researchers often give security vulnerabilities catchy names to help them attract more attention. Many of these monikers seem like nonsense--Heartbleed, Spectre, and Meltdown all sound more like emo bands than security flaws--but apparently the researchers at Eclypsium prefer to be a bit more direct. When the company revealed serious issues with more than 40 drivers on Saturday, it simply titled its report Screwed Drivers. (Catchy.)

Eclypsium said it found severe vulnerabilities in drivers from "every major BIOS vendor" as well as the likes of Asus, Toshiba, Nvidia, Intel, AMD, and Huawei, which is pretty bad news. But worse still was the company's realization that all of the insecure drivers had been signed by valid Certificate Authorities and certified by Microsoft. Eclypsium said this means the insecure drivers can be installed "on all modern versions" of Windows despite their flaws.

The company also explained that "there is currently no universal mechanism to keep a Windows machine from loading one of these known bad drivers" and that some features "specific to Windows Pro, Windows Enterprise and Windows Server may offer some protection to a subset of users." And that's only if administrators decide to use those features; otherwise, their Windows devices will allow the insecure drivers to be installed anyway.

Here's what Eclypsium said about the potential ramifications of these flaws:

"Vulnerable or outdated system and component firmware is a common problem and a high-value target for attackers, who can use it to launch other attacks, completely brick systems, or remain on a device for years gathering data, even after the device is wiped. To make matters worse, in this case, the very drivers and tools that would be used to update the firmware are themselves vulnerable and provide a potential avenue for attack."

More information about Eclypsium's discovery, including a Def Con presentation covering the Screwed Drivers report, can be found on the company's website. The advice for people worried about the security of their devices is the same as it is whenever other vulnerabilities are revealed: be vigilant about installing driver updates and regularly scan a system for potential threats. A partial list of vendors identified in Eclypsium's report is below.

ASRock

ASUSTeK Computer

ATI Technologies (AMD)

Biostar

EVGA

Getac

GIGABYTE

Huawei

Insyde

Intel

Micro-Star International (MSI)

NVIDIA

Phoenix Technologies

Realtek Semiconductor

SuperMicro

Toshiba

The security company said that drivers from other vendors were affected by these vulnerabilities as well. Eclypsium didn't reveal the identities of some companies because they "are still under embargo due to their work in highly regulated environments and will take longer to have a fix certified and ready to deploy to customers." That comes as little comfort when the list of affected vendors already reads like a whos-who of hardware makers.

source
« Last Edit: August 13, 2019, 11:34:23 AM by javajolt » Logged



Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page August 15, 2019, 09:59:12 AM