At the DEF CON 27 security conference today in Las Vegas, security researchers from Eclypsium gave a talk about common design flaws they found in more than 40 kernel drivers from 20 different hardware vendors.
The common design flaw is that low-privileged applications can use legitimate driver functions to execute malicious actions in the most sensitive areas of the Windows operating system, such as the Windows kernel.
"There are a number of hardware resources that are normally only accessible by privileged software such as the Windows kernel and need to be protected from malicious read/write from userspace applications," Mickey Shkatov, Principal Researcher at Eclypsium, told ZDNet in an email earlier this week.
"The design flaw surfaces when signed drivers provide functionality which can be misused by userspace applications to perform arbitrary read/write of these sensitive resources without any restriction or checks from Microsoft," he added.
Shkatov blames the issues he discovered on bad coding practices, which don't take security into account.
"This is a common software design anti-pattern where, rather than making the driver only perform specific tasks, it's written in a flexible way to just perform arbitrary actions on behalf of userspace," he told ZDNet.
"It's easier to develop software by structuring drivers and applications this way, but it opens the system up for exploitation."
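As an added illustration of the anti-pattern Shkatov describes (this is not code from Eclypsium's talk or from any of the drivers it covered): a simulated driver request handler in C, with the flexible "do whatever userspace asks" form beside one that only performs the specific tasks the driver exists for. The register bank, request layout, register names, value limit and caller-privilege flag are all constructed for this example.

```c
#include <stdint.h>
#include <stdbool.h>

/* Simulated privileged hardware resource: a register bank that only kernel
 * code should touch. Constructed for this example; a real driver would be
 * reaching MMIO, model-specific registers or physical memory. */
#define HW_REGS      16
#define REG_CONTROL  0   /* must never be writable from userspace */
#define REG_STATUS   1   /* the one register the vendor tool needs to read */
#define REG_FAN      2   /* the one register the vendor tool needs to write */
#define FAN_MAX      255
static uint32_t hw_regs[HW_REGS] = { 0xC0FFEE00, 0x00000001, 0x00000080 };

/* Request a userspace caller hands to the driver (an IOCTL input buffer). */
typedef struct {
    uint64_t offset;   /* register index chosen by the caller */
    uint32_t value;    /* value to store, for write requests */
    bool     write;
} hw_request;

enum { HW_OK = 0, HW_EACCES = -1, HW_EINVAL = -2 };

/* Anti-pattern: the driver is a generic relay that does what userspace says.
 * Any index, any value, read or write, and no check of who is asking.
 * (Callers in this example stay in bounds; a real driver built this way
 * would hand out arbitrary access to the underlying resource.) */
int flexible_handler(const hw_request *req, uint32_t *out) {
    uint32_t *reg = &hw_regs[req->offset];
    if (req->write) { *reg = req->value; return HW_OK; }
    *out = *reg;
    return HW_OK;
}

/* Hardened form: the driver performs its two specific tasks and nothing
 * else. Caller privilege, bounds, register identity and value range are
 * all checked before any hardware access happens. */
int specific_handler(const hw_request *req, bool caller_is_admin, uint32_t *out) {
    if (!caller_is_admin)            return HW_EACCES;  /* assumed privilege check */
    if (req->offset >= HW_REGS)      return HW_EINVAL;  /* no arbitrary index */
    if (req->write) {
        if (req->offset != REG_FAN)  return HW_EACCES;  /* only the fan register */
        if (req->value > FAN_MAX)    return HW_EINVAL;  /* only sane values */
        hw_regs[REG_FAN] = req->value;
        return HW_OK;
    }
    if (req->offset != REG_STATUS)   return HW_EACCES;  /* only the status register */
    *out = hw_regs[REG_STATUS];
    return HW_OK;
}
```

The flexible handler happily overwrites the control register for any caller; the specific handler refuses that request, rejects out-of-range indices and values, and still serves the one read and one write the tool actually needs.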