Overclock.net - An Overclocking Community


AlphaC 08-11-2019 10:36 AM

[TPU]Drivers from Over 40 Manufacturers Including Intel, NVIDIA, AMD Vulnerable to Privilege Escalation Malware Attacks
 
https://www.techpowerup.com/258175/d...alware-attacks
Quote:

Cybersecurity research firm Eclypsium published a report titled "Screwed Drivers," chronicling a critical flaw in the design of modern device driver software from over 40 hardware manufacturers, which allows malware to gain privilege from Ring 3 to Ring 0 (unrestricted hardware access). The long list of manufacturers publishing drivers that are fully signed and approved by Microsoft under its WHQL program, includes big names such as Intel, AMD, NVIDIA, AMI, Phoenix, ASUS, Toshiba, SuperMicro, GIGABYTE, MSI, and EVGA. Many of the latter few names are motherboard manufacturers who design hardware monitoring and overclocking applications that install kernel-mode drivers into Windows for Ring-0 hardware-access.

Heuchler 08-11-2019 11:31 AM

If only there was a better way. Time for me to switch.

VFIO - Update! w/Pop!_os -- PCIe Passthrough even with identical graphics cards
https://forum.level1techs.com/t/vfio...h-draft/142287

Master seems to be the go-to for a Ryzen 3000 high-end, Linux, and VFIO motherboard
https://forum.level1techs.com/t/aoru...ettings/145081

looniam 08-11-2019 12:20 PM

https://eclypsium.com/2019/08/10/scr...led-delivered/
Quote:

Our analysis found that the problem of insecure drivers is widespread, affecting more than 40 drivers from at least 20 different vendors – including every major BIOS vendor, as well as hardware vendors like ASUS, Toshiba, NVIDIA, and Huawei. However, the widespread nature of these vulnerabilities highlights a more fundamental issue – all the vulnerable drivers we discovered have been certified by Microsoft. Since the presence of a vulnerable driver on a device can provide a user (or attacker) with improperly elevated privileges, we have engaged Microsoft to support solutions to better protect against this class of vulnerabilities, such as blacklisting known bad drivers.

i'm sure if anyone has owned an nvidia card knows that MS's WHQL program is a joke but this is ridiculous.

btw,
Quote:

List of Affected Vendors
ASRock
ASUSTeK Computer
ATI Technologies (AMD)
Biostar
EVGA
Getac
GIGABYTE
Huawei
Insyde
Intel
Micro-Star International (MSI)
NVIDIA
Phoenix Technologies
Realtek Semiconductor
SuperMicro
Toshiba

can anyone name a mother vendor that isn't there?

DFI, where are you? :D

huzzug 08-11-2019 12:48 PM

Quote:

Originally Posted by looniam (Post 28084370)
Quote:

we have engaged Microsoft to support solutions to better protect against this class of vulnerabilities, such as blacklisting known bad drivers.

Does that mean MS was actively spreading these vulnerable drivers through its update services and hence, a case be made for them to stop that stupidity?

skupples 08-11-2019 12:55 PM

I wanna know if they were KNOWINGLY certifying shart... you know, like junk bonds for $32428934239472834

this affects every single system in my work environment

looniam 08-11-2019 12:55 PM

Quote:

Originally Posted by huzzug (Post 28084420)
Does that mean MS was actively spreading these vulnerable drivers through its update services and hence, a case be made for them to stop that stupidity?

that might be a stretch to permaban that though i completely despise them pushing hardware drivers out.

it would be prudent to suspend that "service" until they get this sorted - hopefully with third party help.

Defoler 08-11-2019 12:55 PM

Good way now to force people to upgrade. Old motherboard? No new drivers. Either replace or you are at risk.
If you add MS to blacklist certain drivers, then you are at risk of your OS not getting updated or not working at all.

Imouto 08-11-2019 01:09 PM

Linux Master Race.

SoloCamo 08-11-2019 03:14 PM

Quote:

Originally Posted by Imouto (Post 28084450)
Linux Master Race.

Thing that I mock about this type of drivel is that if Linux (whatever millionth distro of the month we are talking here) had the same market share it would have the same amount of efforts into attacking it.

Quote:

Originally Posted by looniam (Post 28084370)
https://eclypsium.com/2019/08/10/scr...led-delivered/

i'm sure if anyone has owned an nvidia card knows that MS's WHQL program is a joke but this is ridiculous.

btw,

can anyone name a mother vendor that isn't there?

DFI, where are you? :D

"IWill" - my old s478 socket board that I had paired with a 2.53ghz p4 + 512mb rambus PC800 + GF4 ti4200. Good times. That motherboard was also crap to say the least but I didn't know better at the time.

SoloCamo 08-11-2019 03:17 PM

dp, sorry


All times are GMT -7.