Microsoft's Blunder Leaves Multitudes of Devices Vulnerable to Driver-Related Exploits

plat

Sep 13, 2018
Microsoft officials have steadfastly asserted that Windows Update will automatically add new software drivers to a blocklist designed to thwart a well-known trick in the malware infection playbook. The malware technique—known as BYOVD, short for "bring your own vulnerable driver"—makes it easy for an attacker with administrative control to bypass Windows kernel protections. Rather than writing an exploit from scratch, the attacker simply installs any one of dozens of third-party drivers with known vulnerabilities. Then the attacker exploits those vulnerabilities to gain instant access to some of the most fortified regions of Windows.

It turns out, however, that Windows was not properly downloading and applying updates to the driver blocklist, leaving users vulnerable to new BYOVD attacks.

Personal note: One such example noted is the MSI Afterburner driver in version 4.6.2.15658. The developers, who have been aware since practically Day Two and have since revised and replaced it, emphasize obtaining AFB only from the Guru of 3D website. Obtaining the utility from any other third party risks downloading the older, vulnerable version.
 
