[TPU]Drivers from Over 40 Manufacturers Including Intel, NVIDIA, AMD Vulnerable to Privilege Escalation Malware Attacks - Page 2 - Overclock.net - An Overclocking Community

Post #11 of 22 by Heuchler, 08-11-2019, 04:32 PM
We all knew what the situation was. I did switch to OS/2 Warp back then but made the mistake of going back to Windows.


Is hardware the black hole of computing ?
https://medium.com/linagora-engineer...g-bdb9977ed5a8

Part I : a descent into the abyss


Windows 10 Security Alert: Vulnerabilities Found in Over 40 Drivers
https://www.bleepingcomputer.com/new...er-40-drivers/
Post #12 of 22 by Darren9, 08-11-2019, 05:14 PM
If you already have a foothold in the target system and can scan for hardware/drivers and deliver one of the correct driver specific exploits then things just got easier. If you're not already in though then not too much help?

Microsoft are fixing on average 2 or 3 privilege escalation exploits in their own software every month, why would you expect they can do any better when signing off other vendors' drivers?


Post #13 of 22 by xJumper, 08-11-2019, 09:00 PM
Quote (originally posted by SoloCamo):
> Thing that I mock about this type of drivel is that if Linux (whatever millionth distro of the month we are talking here)

The amount of total distros is irrelevant in terms of what would be vulnerable or not, everything for the most part like 90% Linux market share is from distros based on about three distros. A Debian privilege escalation attack would likely work fine on Ubuntu and vice versa.

Quote (originally posted by SoloCamo):
> had the same market share it would have the same amount of efforts into attacking it.

It has more, average dudes with $800 dollars in their bank account is what most of the Windows user base is, super computers/servers etc running the modern world, power grid, etc are all on Linux. Linux isn't security by obscurity, it's an inherently more secure operating system. Case in point, the official driver repos that many distributions use are very hard to get onto. The very way they do things makes an attack like this a lot harder.

Post #14 of 22 by Liranan, 08-12-2019, 12:48 AM
Quote (originally posted by SoloCamo):
> Thing that I mock about this type of drivel is that if Linux (whatever millionth distro of the month we are talking here) had the same market share it would have the same amount of efforts into attacking it.

Linux dominates the server marketshare (Windows is almost non-existent) so there are constant attacks on Linux as well. However as has been proven the most secure OS is BSD, followed by Linux, Windows is third and iOS is just a joke, hacked within minutes at every hacker championships.

Sadly BSD suffers from huge hardware incompatibility due to it being far more obscure than Linux and Windows. And while iOS is based on BSD Apple have taken BSD and butchered it to make the rubbish they call an OS.

Post #15 of 22 by SoloCamo, 08-12-2019, 06:05 AM
Quote (originally posted by xJumper):
> The amount of total distros is irrelevant in terms of what would be vulnerable or not, everything for the most part like 90% Linux market share is from distros based on about three distros. A debian privilege escalation attack would likely work fine on Ubuntu and vice versa.
>
> It has more, average dudes with $800 dollars in their bank account is what most of the Windows user base is, super computers/servers etc running the modern world, power grid, etc are all on Linux. Linux isn't security by obscurity, it's an inherently more secure operating system. Case in point, the official driver repos that many distributions use are very hard to get onto. The very way they do things makes an attack like this a lot harder.

Fair enough as I didn't factor in the server market. However, regarding the average user with $800 use case, I'd have to disagree and note that the majority of consumers, rich or poor are running on Windows. Supercomputers/servers aren't typically used in the consumer market for obvious reasons so it's not so much a money thing as it is a use case and knowledge thing.

Quote (originally posted by Liranan):
> Linux dominates the server marketshare (Windows is almost non-existent) so there are constant attacks on Linux as well. However as has been proven the most secure OS is BSD, followed by Linux, Windows is third and iOS is just a joke, hacked within minutes at every hacker championships.
>
> Sadly BSD suffers from huge hardware incompatibility due to it being far more obscure than Linux and Windows. And while iOS is based on BSD Apple have taken BSD and butchered it to make the rubbish they call an OS.

Fair enough, like noted above I did not factor in the server market.


Post #16 of 22 by Omega X, 08-12-2019, 07:17 PM
Quote (originally posted by Defoler):
> Good way now to force people to upgrade. Old motherboard? No new drivers. Either replace or you are on the risk.
> If you add MS to blacklist certain drivers, then you are in the risk of your OS not getting updated or not working at all.

Microsoft patch up old drivers often for compatibility. They can probably deal with this issue quickly if they put up the resources to do so.
Post #17 of 22 by Krawk, 08-13-2019, 04:45 PM
I had replied to the thread elsewhere about Nvidia encouraging us to update our drivers for this reason. Again, I ask, what is the actual risk to an end user? I sit behind my ZyXEL DSL modem which likely has a good firewall, so a random hacker out there trying to exploit my MSI/Nvidia graphics or MSI motherboard drivers seems pretty damned remote! Does not the built in Windows firewall also trump the exploits too? Someone from the outside has to get a foothold first.
Post #18 of 22 by bigjdubb, 08-14-2019, 09:16 AM
I think malicious software exploiting the vulnerability is more likely than a hacker getting on your network and trying to exploit this vulnerability.

Post #19 of 22 by epic1337, 08-14-2019, 09:35 AM
yup, the chances of you specifically being targeted by a hacker is at least one in a million, one should ask himself "why would they even target me?".

it's more likely that you'd unknowingly download a malicious software.

Post #20 of 22 by xJumper, 08-14-2019, 11:57 AM
Quote (originally posted by epic1337):
> yup, the chances of you specifically being targeted by a hacker is at least one in a million, one should ask himself "why would they even target me?".
>
> it's more likely that you'd unknowingly download a malicious software.

Doesn't work like that...

Nobody tries to specifically target anyone, port scanners crawl the web probing every single combination of IP address and all 65,535 TCP/UDP ports.

When I was running a server from my house with a mere 11 ports open my logs would be filled with hundreds of probing/brute force attempts.

The amount of people who are unknowingly part of a large botnet or have their router's DNS hijacked/poisoned is huge. Open ports with vulnerable applications get you owned.
