Realtek Fixes DLL Hijacking Flaw in HD Audio Driver for Windows

[LASER_oneXM]

Content source

https://www.bleepingcomputer.com/news/security/realtek-fixes-dll-hijacking-flaw-in-hd-audio-driver-for-windows/

Realtek fixed a security vulnerability discovered in the Realtek HD Audio Driver Package that could allow potential attackers to gain persistence, plant malware, and evade detection on unpatched Windows systems.

The Realtek High Definition Audio Driver is installed on Windows computers that come with Realtek audio cards. The bug was reported to the vendor on July 10, 2019, and it received a patch on December 13, 2019.

Realtek fixed the issue in the HD Audio driver package ver.8857 or newer, while driver versions earlier than 8855 that were built using the old version of the Microsoft development tool (VS2005) are still vulnerable to attacks.

If exploited, the vulnerability tracked as CVE-2019-19705 allows attackers to load and execute malicious payloads within the context of a Realtek-Semiconductor signed process on machines running an unpatched version of the HD Audio driver.
... ...

"An attacker can implant malware which will be executed on behalf of Realtek which can lead to bypassing AVs, and allows the attacker to steal all of the victims’ information," SafeBreach Labs security researcher Peleg Hadar told BleepingComputer.

When asked what platforms are affected by the vulnerable Realtek HD Audio Driver versions Peleg said that SafeBreach Labs "checked Windows 10, but I believe other versions are vulnerable as it’s an inherited problem."