Windows Certified Drivers Apparently Unsafe | WHAT REALLY HAPPENED

Windows Certified Drivers Apparently Unsafe

Eclypsium, an Oregon security company, claims that drivers on Microsoft’s Windows platform are a security mess. Who could have guessed? Their researchers found serious flaws in more than 40 drivers from at least 20 different hardware vendors. Apparently every single one of these vulnerabilities allows the driver to hand over “access to the hardware resources, such as read and write access to processor and chipset I/O space, Model Specific Registers (MSR), Control Registers (CR), Debug Registers (DR), physical memory and kernel virtual memory. This is a privilege escalation as it can move an attacker from user mode (Ring 3) to OS kernel mode (Ring 0).” Basically, complete control of the impacted machine. Not only that, these potentially allow malware to compromise your UEFI and persist across an operating system re-installation. They also add that not only do these drivers provide the necessary access, they also provide the mechanism to make changes.