Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Intel Driver Vulnerability Can Give Attackers Deep Access to a Device

Serious vulnerability found in Intel device driver.

A vulnerability affecting a powerful and widely used driver from Intel can give malicious actors deep access to a device, firmware security company Eclypsium warns.

Serious vulnerability found in Intel device driver.

A vulnerability affecting a powerful and widely used driver from Intel can give malicious actors deep access to a device, firmware security company Eclypsium warns.

Eclypsium revealed in August that its researchers had identified serious vulnerabilities in more than 40 device drivers from 20 vendors, including AMI, ASRock, ASUS, ATI, Biostar, EVGA, Getac, Gigabyte, Huawei, Insyde, Intel, MSI, NVIDIA, Phoenix Technologies, Realtek, SuperMicro and Toshiba.

The flaws uncovered by the company can be exploited by a piece of malware to escalate privileges to kernel mode, allowing it to gain control over both the operating system and hardware and firmware interfaces.

Of all the vendors notified by Eclypsium until August, only Intel and Huawei released patches and advisories, and Phoenix and Insyde provided fixes to their OEM customers.

Eclypsium now says Intel this week also released patches for a vulnerability in its PMx Driver (PMxDrv). The security flaw affecting the PMx driver poses a serious risk due to the fact that the driver can read and write to physical memory, to model specific registers, control registers, IDT and GDT descriptor tables, and to debug registers. The driver can also gain I/O and PCI access.

“This level of access can provide an attacker with near-omnipotent control over a victim device,” Eclypsium warned in a blog post published on Tuesday.

The PMx driver, Eclypsium says, is “one of the most capable, feature-rich, and most common drivers we have seen to date.” The company explained that the driver is delivered by Intel with a tool provided to OEM vendors and their customers for updating a device’s BIOS, and it was also provided to customers as part of a toolset released in response to the discovery of some vulnerabilities in Intel technology.

One way to prevent attacks exploiting these types of vulnerabilities involves the use of Microsoft’s hypervisor-protected code integrity (HVCI) technology, which should protect the operating system kernel. However, the technology only works with newer processors.

Advertisement. Scroll to continue reading.

Eclypsium says the best option for preventing attacks involves blocking or blacklisting problematic drivers. For example, Insyde, one of the companies whose drivers were found to be vulnerable, reached out to Microsoft and asked the tech giant to block affected versions of the driver via Windows Defender. According to Eclypsium, Insyde is the only vendor to have taken this step.

Related: Hackers Can Plant Backdoors on Bare Metal Cloud Servers

Related: Servers Can Be Bricked Remotely via BMC Attack

Related: BMC Firmware Vulnerabilities Affect Lenovo, Gigabyte Servers

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.