The vulnerabilities were discovered by researchers from Eclypsium as part of a large project that looked at the general state of Windows kernel driver security. Over the summer, Eclypsium researchers presented their findings at the DEF CON 27 security conference in Las Vegas. At the time, they disclosed over 40 vulnerabilities in kernel drivers from 20 different hardware vendors.
They only made public details about 39 kernel drivers, holding back on disclosing a few issues that had yet to be fixed. Two of these issues were fixed three days after Eclypsium’s DEF CON talk, on August 13, when Intel released fixes for the Intel Processor Identification Utility and the Intel Computing Improvement Program. “One other driver that was held under embargo because of the complexity of the problem was the Intel PMx Driver (also named PMxDrv),” the Eclypsium team said in a blog post today.
“Throughout our evaluation of the Intel PMx driver, we discovered it to be extremely successful, containing a superset of all of the capabilities that we had seen beforehand.” As Eclypsium researchers told ZDNet in an interview back in August, all these legitimate PMx driver features could be abused by malicious code running on an infected machine. Normally, an attacker would need admin rights to access a kernel driver’s features. However, Eclypsium said that many vendors had failed to protect kernel drivers with secure programming practices, and had been allowing userspace apps to call kernel driver functions without any restrictions.
Making matters worse, this is one of the most popular and widely used kernel drivers in existence. The driver has been a regular part of many Intel ME and BIOS-related tools that Intel has been releasing for the past 20 years, since 1999.