“Signed and certified does not mean safe.” Security research firm Eclypsium has discovered that more than 40 drivers from hardware giants (e.g., ASUS, Huawei, NVIDIA, and Toshiba) contain vulnerabilities that could allow read/write access to the Windows kernel. These drivers were approved not only by third-party vendors but by Microsoft as well.
List of Affected Vendors
- ASUSTeK Computer
- ATI Technologies (AMD)
- Micro-Star International (MSI)
- Phoenix Technologies
- Realtek Semiconductor
A vulnerable driver installed on a machine could allow an application running with user privileges to escalate to kernel privileges and abuse the functionality of the driver. In other words, any malware running in user space could scan for a vulnerable driver on the victim machine and then use it to gain full control over the system and potentially the underlying firmware.
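
Because a valid signature says nothing about whether a driver is safe, a defender's inventory has to key on file hashes rather than on signature status. The PowerShell below is an added example, not code from Eclypsium or any vendor. It assumes a hypothetical blocklist file of SHA-256 hashes that you compile from vendor advisories, and it uses the vendor names listed above only as a heuristic for prioritising review.

```powershell
param(
    # Assumption: hypothetical text file, one SHA-256 hash per line, built from advisories.
    [string]$BlocklistPath = '.\vulnerable-driver-sha256.txt'
)

# Vendor names from the list on this page; a signer match is a triage hint, not a verdict.
$VendorPatterns = 'ASUSTeK', 'ATI Technologies', 'Micro-Star', 'Phoenix Technologies', 'Realtek'

$blocklist = @{}
if (Test-Path -LiteralPath $BlocklistPath) {
    Get-Content -LiteralPath $BlocklistPath |
        Where-Object { $_ -match '^[0-9A-Fa-f]{64}$' } |
        ForEach-Object { $blocklist[$_.ToUpperInvariant()] = $true }
}

function Resolve-DriverPath([string]$PathName) {
    # Win32_SystemDriver may report NT-style prefixes; map them to a Win32 path.
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    return $p
}

$results = foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
    if (-not $drv.PathName) { continue }
    $path = Resolve-DriverPath $drv.PathName
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

    $sig    = Get-AuthenticodeSignature -LiteralPath $path
    $hash   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        Name        = $drv.Name
        State       = $drv.State
        Path        = $path
        SHA256      = $hash
        SigStatus   = $sig.Status   # informational only: "Valid" does not mean safe
        Signer      = $signer
        OnBlocklist = $blocklist.ContainsKey($hash)
        VendorMatch = [bool]($VendorPatterns | Where-Object { $signer -like "*$_*" })
    }
}

# Blocklist hits first, then drivers signed by a listed vendor that need a version check.
$results | Where-Object { $_.OnBlocklist -or $_.VendorMatch } |
    Sort-Object -Property OnBlocklist -Descending |
    Format-Table Name, State, SigStatus, OnBlocklist, VendorMatch, Path -AutoSize
```

A `VendorMatch` row without a blocklist hit only means the driver comes from one of the listed vendors; confirm the driver version against that vendor's advisory before acting on it.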