In the midst of the everlasting onslaught of security vulnerabilities such as Meltdown and Spectre, it seems we have another to add to the list. The new vulnerability, nicknamed 'Screwed Drivers', has been revealed to affect almost all, if not all, major OEMs and hardware manufacturers.
'Screwed Drivers' - Quite Literally
These vulnerabilities have not yet been verified by other researchers, but Eclypsium, the original research group that discovered Screwed Drivers, has described the new flaw as very serious, and serious it seems indeed. According to Eclypsium, over 40 drivers from various vendors are susceptible to attack.
The worst aspect of the situation is that all of the insecure drivers have been approved by Microsoft. Because of that approval, each can be installed on a Windows machine regardless of its flaws.
Vulnerable or outdated system and component firmware is a common problem and a high-value target for attackers, who can use it to launch other attacks, completely brick systems, or remain on a device for years gathering data, even after the device is wiped. To make matters worse, in this case, the very drivers and tools that would be used to update the firmware are themselves vulnerable and provide a potential avenue for attack.
These issues apply to all modern versions of Microsoft Windows and there is currently no universal mechanism to keep a Windows machine from loading one of these known bad drivers. Once installed, these drivers can reside on a device for long periods of time unless specifically updated or uninstalled. In addition to the drivers which are already installed on the system, malware can bring any of these drivers along with them to perform privilege escalation and gain direct access to the hardware.
At this moment, there seems to be no way for a user to fortify their system. Updating the drivers themselves runs the risk of data exposure, the same way running the currently installed driver does. Until fixes are released, and we have yet to see if some of these issues are resolvable, the only option is to continue to operate systems normally.
Which Vendors Are Affected?
The list of affected vendors is shown below.
- ASUSTeK Computer
- ATI Technologies (AMD)
- Micro-Star International (MSI)
- Phoenix Technologies
- Realtek Semiconductor
Be aware that this list has great potential to grow as some vendors are under embargo and a fix for this issue may take an increased amount of time to develop and deploy.
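
Because these drivers can stay on a machine until they are specifically updated or uninstalled, an inventory is a useful first step. The PowerShell below is an added example, not code from Eclypsium or the original article: it lists the kernel drivers registered on a Windows machine whose publisher matches a vendor in the list above. The match strings come from that list ('Advanced Micro Devices' is an assumed expansion of 'AMD'), the function names are hypothetical, and a match identifies the vendor only, not a vulnerable driver.

```powershell
# Added example: inventory kernel drivers published by the vendors listed in the article.
# A match means "from a listed vendor", NOT "known vulnerable"; the article gives no
# driver names or hashes, so none are used here.
$VendorPatterns = @(
    'ASUSTeK', 'ATI Technologies', 'Advanced Micro Devices',  # last one: assumed expansion of AMD
    'Micro-Star', 'Phoenix Technologies', 'Realtek'
)

function Resolve-DriverPath {
    # Win32_SystemDriver.PathName can carry NT prefixes such as \??\ or \SystemRoot\.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"') -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\?SystemRoot\\', "$env:SystemRoot\"
    return $p
}

function Get-ListedVendorDriver {
    param([string[]]$Patterns = $VendorPatterns)
    $regex = ($Patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        $path = Resolve-DriverPath $_.PathName
        if (-not $path -or -not (Test-Path -LiteralPath $path)) { return }

        # Publisher evidence: version resource plus Authenticode signer, if any.
        $info    = (Get-Item -LiteralPath $path).VersionInfo
        $sig     = Get-AuthenticodeSignature -FilePath $path
        $signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        if ("$($info.CompanyName) $signer" -match $regex) {
            [pscustomobject]@{
                Name      = $_.Name
                State     = $_.State        # Running / Stopped
                StartMode = $_.StartMode    # Boot / System / Auto / Manual / Disabled
                Company   = $info.CompanyName
                Version   = $info.FileVersion
                Signer    = $signer
                SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                Path      = $path
            }
        }
    }
}

Get-ListedVendorDriver | Sort-Object Company, Name | Format-List
```

The recorded version and SHA256 give something concrete to compare against a vendor's advisory once fixed drivers are published.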