In a recent study conducted by Eclypsium, a firmware security company, insecure drivers were analyzed. Hardware drivers, in simple terms, are control centers for your device. It manages, updates, and communicates with the software, applications, and other devices. The insecure drivers are perfect and ideal targets for attackers. The vulnerabilities give them easy access to almost and potentially full control over your device and firmware, and researchers found that over forty vulnerable drivers were approved and certified by Microsoft.
Drivers have multiple levels of privileges. The least privileged level is given to device users and even administrators operate only from this level farthest from firmware operations. As the levels get closer to the firmware center, privileges and manual controls increase. In the vulnerable drivers Microsoft approved, when attackers gain access to the device, they can easily achieve the second highest privileges and obtain nearly full and undetected control of your device. Attackers can also gain access to deeper “negative” levels of privileges which keeps the attacker in control even in the case the entire operating system is reinstalled. The attackers can change, collect, disable, receive, send, and redirect any data stored, received, and sent over your network.
Even if your device is not attacked, an insecure driver makes prevention more difficult than it should be. The driver contains tools that would typically be used to update and protect your device and firmware. These tools become useless when the driver is vulnerable, as it would enable instead of disable and prevent potential threats and attackers.
Organizations have been encouraged to regularly scan for outdated firmware and vulnerabilities, update drivers, and monitor and test their firmware for unsolicited changes.
WHAT THIS MEANS FOR YOU
It’s important to realize that “signed and certified”, Eclypsium says, “does not mean safe”. Your device may be at risk. There is nothing yet to keep a Microsoft device from loading a vulnerable driver, but there are a few security features such as Windows Pro, Windows Enterprise, and Windows Server that some may be able to employ to protect their devices. If you are currently using an insecure driver, contact your local IT technician.