Researchers find security flaws in 40 kernel drivers from 20 vendors
Security researchers at Eclypsium have discovered major security vulnerabilities in over 40 kernel drivers from 20 different hardware vendors. The flaws are the result of poor software design choices and allow applications with limited privileges to use driver functions in order to perform malicious actions that can impact highly sensitive parts of Windows operating systems, including the Windows kernel.
Mickey Shkatov of Eclypsium said that the flaws are the result of “a common software design anti-pattern where, rather than making the driver only perform specific tasks, it’s written in a flexible way to just perform arbitrary actions on behalf of userspace.” This flexibility “can be misused by userspace applications to perform arbitrary read/write” of sensitive sources like the kernel that should have been protected from such actions. Eclypsium has notified the impacted vendors, 17 of which have already issued security updates.