PhotoWindows 10 users are facing another critical warning -- one which could potentially impact millions of users.

As part of a presentation at hacker clambake DEF CON, researchers from technology security firm Eclypsium revealed the issue, saying it applies "to all modern versions of Microsoft Windows.” 

The issue is rather complex, but the basic idea is that system drivers -- computer programs that operate a device attached to a computer (such as a printer) -- can be attacked by hackers and allow them access to a device’s Windows 10 system software.

What’s impacted

The total number of impacted hardware drivers the Eclypsium researchers found added up to 20, and that includes a gamut of drivers responsible for everything from booting up the computer to operating a USB mouse. According to a Forbes investigation of the matter, the drivers are all Microsoft-sanctioned drivers and from trusted vendors such as Intel and Toshiba.

"Bad drivers can be immensely dangerous,” the researchers claimed in their presentation. “Drivers that provide access to system BIOS or system components for the purposes of updating firmware, running diagnostics, or customizing options on the component can allow attackers to turn the very tools used to manage a system into powerful threats that can escalate privileges and persist invisibly on the host."

Help is already on the way

Before you pull the rest of your hair out over the recent parade of Windows 10 gaffes, this one is already being fixed from the vendor level. Mickey Shkatov, Principal Researcher at Eclypsium, told ZDNet that “vendors, like Intel and Huawei, have already issued updates.”

Shkatov blames the issues he discovered on a “common software design anti-pattern” from the developer end, mostly out of a desire to “perform arbitrary actions on behalf of userspace.” 

"It's easier to develop software by structuring drivers and applications this way, but it opens the system up for exploitation,” he said.

In ConsumerAffairs’ check of Microsoft’s support site, we found no update regarding the issue or possible fixes. However, Eclypsium’s presentation included these comments and suggestions from Microsoft, which consumers can employ to further guard themselves:

  • Microsoft has a strong commitment to security and a demonstrated track record of investigating and proactively updating impacted devices as soon as possible. For the best protection, we recommend using Windows 10 and the Microsoft Edge browser.

  • In order to exploit vulnerable drivers, an attacker would need to have already compromised the computer. To help mitigate this class of issues, Microsoft recommends that customers use Windows Defender Application Control to block known vulnerable software and drivers.

  • Customers can further protect themselves by turning on memory integrity for capable devices in Windows Security. 


Share your Comments