
34 problem drivers found; proof of concept confirms attackers could take control of a Win11 system.

2025-02-27 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)11/24 Report--

CTOnews.com, November 7 (Xinhua) -- VMware's Threat Analysis Unit (TAU) recently found 34 Windows drivers with security concerns, spanning 237 files, some of them shipped with older devices.

The signing certificates of many of these drivers are already "revoked" or "expired", yet enterprises across many industries still run old devices that carry these drivers.

TAU identified these problem drivers with automated static-analysis scripts: 30 are WDM drivers with firmware access, and 4 are WDF drivers that give non-administrator users full control of the device.

Windows 11 now enables Hypervisor-Protected Code Integrity (HVCI) by default to stop problem drivers from loading, but the TAU team found that all but five of the problem drivers still load normally.

According to the TAU team, attackers can abuse these problem drivers to erase or alter the machine's firmware without system privileges, elevate their access, disable security features, install bootkits that evade antivirus software, and so on.

Current research on problem drivers by security vendors focuses mainly on the older WDM model, but VMware's analysts found that newer WDF drivers are also affected.

The researchers then verified the vulnerability in practice: on a Windows 11 system with HVCI enabled, the team built a proof-of-concept (PoC) against an AMD driver that launches a command prompt (cmd.exe) at "System" integrity level.

Another PoC developed by the team successfully erased the firmware on an Intel Apollo SoC platform.

Although a number of vulnerable drivers have already been reported by researchers, TAU says its new analysis method can still uncover new problem drivers that carry valid signatures.

Microsoft is currently addressing the problem through a "forbidden list" (driver blocklist) approach, while TAU is working on a more comprehensive protection solution.
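For administrators who want to check where their own Windows 11 hosts stand on the three points the report raises (HVCI actually running, the vulnerable-driver blocklist enabled, and loaded drivers with non-valid or expired signatures), the following audit script is an added example written for this page, not code from CTOnews or the TAU report. It assumes an elevated PowerShell session on the host being checked; the WMI class, cmdlets and the `VulnerableDriverBlocklistEnable` registry value are documented Windows interfaces.

```powershell
# Added defensive audit (not from the report). Run in an elevated PowerShell on Windows 11.

function Get-HvciStatus {
    # Win32_DeviceGuard: value 2 in SecurityServicesRunning means HVCI is active.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    [pscustomobject]@{
        VbsStatus      = $dg.VirtualizationBasedSecurityStatus    # 2 = VBS running
        HvciRunning    = ($dg.SecurityServicesRunning -contains 2)
        HvciConfigured = ($dg.SecurityServicesConfigured -contains 2)
    }
}

function Get-VulnerableDriverBlocklistState {
    # Microsoft's vulnerable driver blocklist toggle (DWORD, 1 = enabled).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $v = Get-ItemProperty -Path $key -Name 'VulnerableDriverBlocklistEnable' -ErrorAction SilentlyContinue
    if ($null -eq $v) { return 'not set (OS default applies)' }
    if ($v.VulnerableDriverBlocklistEnable -eq 1) { 'enabled' } else { 'disabled' }
}

function Get-SuspectDriverSignatures {
    # Enumerate running kernel drivers and flag signatures that are not Valid, or whose
    # signer certificate has expired. Expiry is normal for timestamped signatures, so it is
    # reported for review rather than treated as a verdict; inbox drivers signed only via a
    # catalog may show as NotSigned on some builds and also need analyst review.
    Get-CimInstance Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            # Normalise the NT-style paths WMI returns (\??\C:\... and \SystemRoot\...).
            $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
            if (-not (Test-Path -LiteralPath $path)) { return }
            $sig     = Get-AuthenticodeSignature -FilePath $path
            $cert    = $sig.SignerCertificate
            $expired = ($null -ne $cert) -and ($cert.NotAfter -lt (Get-Date))
            if ($sig.Status -ne 'Valid' -or $expired) {
                [pscustomobject]@{
                    Driver   = $_.Name
                    Path     = $path
                    Status   = $sig.Status
                    NotAfter = if ($cert) { $cert.NotAfter } else { $null }
                    Signer   = if ($cert) { $cert.Subject } else { $null }
                }
            }
        }
}

Get-HvciStatus
"Vulnerable driver blocklist: $(Get-VulnerableDriverBlocklistState)"
Get-SuspectDriverSignatures | Format-Table -AutoSize
```

A host where HvciRunning is false or the blocklist is disabled is exactly the configuration the report warns about; the driver listing is a review queue, not proof of compromise.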

CTOnews.com attaches a link to the original report for readers who want the full details.
