Malware News Microsoft's Blunder Leaves Multitudes of Devices Vulnerable to Driver-Related Exploits

plat

Level 28
Thread author
Verified
Top Poster
Well-known
Sep 13, 2018
1,759
Microsoft officials have steadfastly asserted that Windows Update will automatically add new software drivers to a blocklist designed to thwart a well-known trick in the malware infection playbook. The malware technique—known as BYOVD, short for "bring your own vulnerable driver"—makes it easy for an attacker with administrative control to bypass Windows kernel protections. Rather than writing an exploit from scratch, the attacker simply installs any one of dozens of third-party drivers with known vulnerabilities. Then the attacker exploits those vulnerabilities to gain instant access to some of the most fortified regions of Windows.

It turns out, however, that Windows was not properly downloading and applying updates to the driver blocklist, leaving users vulnerable to new BYOVD attacks.

Personal note: One such example noted is the MSI Afterburner driver in version 4.6.2.15658. The developers, who were aware since practically Day Two and have since revised and replaced it, emphasize to only obtain AFB from the Guru of 3D website. To obtain the utility from any other third party risks d/l the older, vulnerable version.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top