Microsoft appears to have overlooked an important security factor for Windows-based devices.
According to reports, insecure drivers may be loaded on devices using Windows Update.
Researchers have noted that the existing protections do not work as intended.
According to reports, Microsoft was unable to keep Windows safe from rogue drivers. The company has claimed that its Windows Update mechanism prevents vulnerable drivers from being installed, but a publication has shown this to be untrue by demonstrating that the list of affected drivers was not updated in a timely manner. As a result, millions of users were left unprotected against a newer malware attack tactic known as BYOVD, which stands for “bring your own vulnerable driver.” Let’s examine what transpired in more depth.
HACKERS ARE EXPLOITING MALFUNCTIONING COMPUTER DRIVERS TO GET ACCESS TO SYSTEMS
Drivers are software programs that allow a computer to interact with peripheral devices such as printers, cameras, and graphics cards. To complete a particular task, they serve as a conduit between the operating system’s core and the hardware. In the course of this work, drivers frequently need access to the kernel, the most privileged component of an operating system.
Microsoft forbids drivers from untrusted sources from accessing the kernel in order to prevent unauthorized access. To circumvent Microsoft’s security measures, hackers and other bad actors are increasingly exploiting legitimate, signed drivers that contain memory corruption vulnerabilities. These drivers have given attackers access to the kernel and, with it, control of users’ devices. This method of employing legitimate but vulnerable drivers is known as BYOVD, and it has been in use since 2012.
MICROSOFT SHOULD HAVE UPDATED THE LIST OF BLOCKED DRIVERS THREE YEARS AGO
Microsoft has been working on countermeasures to thwart these attacks, primarily by developing methods to prevent Windows from loading signed-but-vulnerable drivers, according to a report by ArsTechnica. However, the article also notes that Microsoft’s strategy did not work as intended. The list of vulnerable drivers that Windows is supposed to block has not been kept up to date through Windows Update, giving malicious actors an opportunity to abuse them.
Researchers Peter Kalnai of ESET and Dan Goodin of ArsTechnica discovered that a Windows 10 Enterprise system could load a vulnerable Dell driver despite the feature meant to prevent affected drivers from loading on a PC running Microsoft Windows.