11 August 19, 12:13
Quote:Researchers analyzing the security of legitimate device drivers found that more than 40 from at least 20 hardware vendors can be abused to achieve privilege escalation.
Hardware represents the building blocks of a computer on top of which software resides. Drivers are what allows the operating system to identify the hardware components and interact with them.
Driver code enables communication between the OS kernel and the hardware, enjoying a higher permission level than the normal user and the administrator of the system.
Therefore, vulnerabilities in drivers are a serious issue as they can be exploited by a malicious actor to gain access to the kernel and get the highest privileges on the operating system (OS).
Since drivers are also used to update hardware firmware, they can reach components operating at an even deeper level that is off-limits for the OS, and change the way they function, or brick them.
BIOS and UEFI firmware, for instance, are low-level software that starts before the operating system, when you turn on the computer. Malware planted in this component is invisible to most security solutions and cannot be removed by reinstalling the OS.
Read more here: https://www.bleepingcomputer.com/news/se...scalation/