Privilege escalation vulns found in over 40 Windows drivers

Security researchers have warned of privilege escalation vulnerabilities in more than 40 Windows hardware drivers from companies including AMD, Intel, Nvidia, and Realtek, allowing malicious software already running on the system to take full control of the host machine.

Mere days ago a security researcher detailed a zero-day vulnerability in Valve's Steam platform, since fixed in the beta release, which allows for malicious software already running on a system to elevate its privilege level - known as an escalation of privilege attack - to the administrative level, giving it full control over the software and hardware in the system. Now, researchers at Eclypsium have detailed flaws in more than 40 hardware drivers which allow for the same privilege of escalation attacks.

'Our analysis found that the problem of insecure drivers is widespread, affecting more than 40 drivers from at least 20 different vendors – including every major BIOS vendor, as well as hardware vendors like Asus, Toshiba, Nvidia, and Huawei,' the researchers explain in a post entitled Screwed Drivers. 'However, the widespread nature of these vulnerabilities highlights a more fundamental issue – all the vulnerable drivers we discovered have been certified by Microsoft. Since the presence of a vulnerable driver on a device can provide a user (or attacker) with improperly elevated privileges, we have engaged Microsoft to support solutions to better protect against this class of vulnerabilities, such as blacklisting known bad drivers.'

Like the Steam flaw, the vulnerabilities allow for malicious software running under an unprivileged user account to elevate its privileges to the administrative or system levels and take full control over the affected machine. Eclypsium has named only 16 of its claimed 20-plus affected companies, with the remainder being covered under embargoes: ASRock, Asus, AMD's graphics division, Biostar, EVGA, Getac, Gigabyte, Huawei, Insyde, Intel, Micro-Star International (MSI), Nvidia, Phoenix Technologies, Realtek Semiconductor, SuperMicro, and Toshiba.

The flaws were unveiled at the DEF CON hacking conference this weekend, with more information available from the company's presentation (PDF warning).