Artem S. Tashkinov writes: Researchers from security company Eclypsium have discovered that more than forty drivers from at least twenty different vendors — including every major BIOS vendor, as well as hardware vendors like ASUS, Toshiba, NVIDIA, and Huawei — include critical vulnerabilities allowing an escalation of privileges to full system level access.
Considering how widespread these drivers are, and the fact that they are digitally signed by Microsoft, they allow an attacker to more successfully penetrate target systems and networks, as well as remain hidden. Also while some of these drivers “are designed to update firmware, the driver is providing not only the necessary privileges, but also the mechanism to make changes” which means the attacker can gain a permanent foothold. Eclypsium has already notified Microsoft about the issues and at least NVIDIA has already released fixed drivers.
of this story at Slashdot.
Source:: Slashdot