Team OS : Your Only Destination To Custom OS !!


Tech News Critical Windows 10 Warning: Millions Of Users At Risk!

By Davey Winder - Senior Contributor, Cybersecurity

Millions of Windows 10 users at risk of compromise as critical vulnerability is revealed at DEF CON 27 (Getty)

As the Black Hat security conference comes to an end in Las Vegas, so the DEF CON hacker convention begins. It didn't take long for the first critical warnings for Windows users to emerge as a result. This one is particularly worrying as, according to the Eclypsium researchers who gave the presentation, the issue applies "to all modern versions of Microsoft Windows," which leaves millions of Windows 10 users at risk of system compromise.
What did the researchers reveal?

In a nutshell, the researcher found a common design flaw within the hardware device drivers from multiple vendors including Huawei, Intel, NVIDIA, Realtek Semiconductor, SuperMicro and Toshiba. In total, the number of hardware vendors affected runs to 20 and includes every major BIOS vendor. The nature of the vulnerability has the potential for the widespread compromise of Windows 10 machines.

Eclypsium’s research team were investigating how insecure drivers can be abused to attack a device and gain a foothold on the system it is part of. "Drivers that provide access to system BIOS or system components for the purposes of updating firmware, running diagnostics, or customizing options on the component," the researchers stated during their presentation, "can allow attackers to turn the very tools used to manage a system into powerful threats that can escalate privileges and persist invisibly on the host."

The drivers were found to have design flaws that enable what are meant to be "low-privilege" applications to be used by a threat actor in such a way as to potentially compromise parts of the Windows operating system that should only be accessible by "privileged" applications. That includes the Windows kernel at the very heart of the operating system.

The dangerous escalation of privileges problem, giving an attacker read and write access at the same level as the kernel, becomes more problematical when you realize the level of trust that can be exploited here.
These were not "rogue" drivers, but officially sanctioned ones. They were all from trusted vendors, all signed by trusted certificate authorities and all certified by Microsoft.

As the drivers are designed specifically to update firmware, the seriousness of the issue becomes very apparent, very quickly. The flawed drivers not only provide the mechanism to make these changes but also the privileges to do so. If a threat actor can manipulate this combination of bad coding and signed certification, well, the outcome isn't going to look pretty.

The researchers stated that there are "multiple examples of attacks in the wild that take advantage of this class of vulnerable drivers." Examples provided included the Slingshot APT campaign which installs a kernel rootkit and "LoJax malware" that installs malicious code in device firmware that can even survive a full Windows reinstallation.
Has the problem been fixed yet?

Mickey Shkatov, a principal researcher at Eclypsium, told ZDNet that "Some vendors, like Intel and Huawei, have already issued updates." Others, which are independent BIOS vendors, like Phoenix and Insyde, "are releasing their updates to their customer OEMs," Shkatov said.

The Eclypsium research reveals that the security issue applies to "all modern versions of Microsoft Windows," and "there is currently no universal mechanism to keep a Windows machine from loading one of these known bad drivers." That said, group policies for Windows Enterprise, Pro and Server could provide a degree of mitigation to "a subset of users," the researchers stated.

The full list of vendors that have issued updates, which you should install as soon as possible, can be found here.
What has Microsoft said?

A Microsoft statement said, "In order to exploit vulnerable drivers, an attacker would need to have already compromised the computer. To help mitigate this class of issues, Microsoft recommends that customers use Windows Defender Application Control to block known vulnerable software and drivers." As well as turning on memory integrity for capable devices in Windows Security, Microsoft also recommended using Windows 10 and the Edge browser "for the best protection."
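
A defender-side inventory related to the mitigations in the Microsoft statement above (an added example, not part of the original article or post, and not Microsoft's or Eclypsium's code): it reports whether memory integrity (HVCI) is running and lists running non-Microsoft kernel drivers with their signer and SHA-256. `$KnownBadSha256` is a placeholder list, assumed to be filled from the vendor advisories you track.

```powershell
# Added example: audit running kernel drivers and memory integrity status.
# $KnownBadSha256 is a placeholder; fill it from vendor advisories you trust.
$KnownBadSha256 = @(
    '<SHA256-OF-KNOWN-VULNERABLE-DRIVER>'   # placeholder, not a real hash
)

# Memory integrity (HVCI) is reported as value 2 in SecurityServicesRunning.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$hvciOn = $dg.SecurityServicesRunning -contains 2
Write-Output "Memory integrity (HVCI) running: $hvciOn"

$report = foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver -Filter "State='Running'") {
    if (-not $drv.PathName) { continue }
    # PathName can carry an NT prefix (\??\) or be relative to %SystemRoot%.
    $path = $drv.PathName -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    # Flat-file SHA-256, for comparison with hashes published in advisories.
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    [pscustomobject]@{
        Name      = $drv.Name
        Path      = $path
        Signer    = $sig.SignerCertificate.Subject
        SigStatus = $sig.Status
        SHA256    = $hash
        KnownBad  = $KnownBadSha256 -contains $hash
    }
}

# The article concerns third-party vendor drivers, so list non-Microsoft ones,
# with any match against the placeholder list sorted to the top.
$report |
    Where-Object { $_.Signer -notmatch 'O=Microsoft Corporation' } |
    Sort-Object -Property KnownBad -Descending |
    Format-Table Name, Signer, SigStatus, KnownBad, Path -AutoSize
```

A valid signature in the `SigStatus` column is not a sign of safety here: the drivers described in the article were all validly signed, so the signer and hash columns are what to compare against vendor advisories.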
 

dragon9

Thank you good post
 

Silver347

Thank god I'm not using Win10 hahahahahaha
 

kwanteq

Thank you, updated all drivers and BIOS from Lenovo on my Legion machine
 

SlavkoPejic

Thank you
 

SubAtomicGenius

I have just begun (2 months ago) giving W10 a "chance", to see what it was all about... I HATE IT... It's a gigantic tracking machine that is as corrupt as can be... My neighbor just took del'y of a new HP Laptop - preloaded with all manner of bloat-, mal-, & crap-ware on W10... He HATES his new computer...
Now I have to figure out how to remove it from 2 brand-new SSDs... Samsung Magician not working on either machine, just an error message: "Entry Point Not Found", pertaining to MSVCR120_CLR0400.dll, and a reinstall doesn't work... So, I'm flying by the seat of my pants, wish me the best...
 

hamabe

@SubAtomicGenius
Try reinstalling see if it fixes your missing dll file problem
but if the problem persists, post a thread in
 

SubAtomicGenius

> @SubAtomicGenius
> Try reinstalling see if it fixes your missing dll file problem
> but if the problem persists, post a thread in

K, thanx...
 

neve33609pre

Does anybody know if the latest builds here in TeamOS have fixed this problem? I am wondering this because I think this is serious...
 

Cyler

> Does anybody know if the latest builds here in TeamOS have fixed this problem? I am wondering this because I think this is serious...

It is serious, you are right, but the article, as well as the actual findings, mention that the drivers from the various companies had the issues and not Windows itself, so there is nothing to fix.

"the researcher found a common design flaw within the hardware device drivers" - "the number of hardware vendors affected runs to 20 and includes every major BIOS vendor" - "Drivers that provide access to system BIOS or system components" - "drivers were found to have design flaws" - "They were all from trusted vendors". As you see, it's all about device drivers.

Note that for this exploit to work the attacker must have admin privileges, in which case it means it has full control of the system anyway, so important as it is, it's nothing a home user should be worried about that much. This was released almost a year ago and I'm sure you already must have updated older drivers, so you shouldn't have issues either way.
 

Suvam4549

> Thank god I'm not using Win10 hahahahahaha

What about those which last had a driver update in 2012 and... Windows 10 runs perfectly with that obsolete driver!!

> I'm sure you already must have updated older drivers, so you shouldn't have issues either way.

Bold of you to assume that! Windows 10 is heavily backwards compatible and runs like a breeze with 2010 Windows 7 drivers! I haven't had a driver/BIOS update in almost a decade!
 

Cyler

> Bold of you to assume that! Windows 10 is heavily backwards compatible and runs like a breeze with 2010 Windows 7 drivers! I haven't had a driver/BIOS update in almost a decade!

Where did I make that assumption? I didn't mention anything about the compatibility of Windows 10 drivers and older devices specifically. My comment was towards newer driver vs older driver for the same device. In general, older devices don't get new drivers anyway. Also, what I mentioned was about the security perspective of a driver and NOT the driver's performance. A driver may work fine but that doesn't mean it's secure.

Btw it's hard to have Windows 10 for a decade since they came out in 2015 and the comments here were made with the understanding that we talk about Windows 10 ONLY and its drivers.
 

gnw9396

Excellent post. THANK YOU
 

Suvam4549

> A driver may work fine but that doesn't mean it's secure.

That's exactly why I commented in the first place! I won't be getting any update as my OEM dropped support in 2011!

> Btw it's hard to have Windows 10 for a decade since they came out in 2015 and the comments here were made with the understanding that we talk about Windows 10 ONLY and its drivers.

Um, seems like we ran into some misunderstanding here. I didn't say that I'm running Windows 10 for nearly a decade. I meant that my OEM hasn't released any driver/BIOS update since 2011 (End of support). Which means Windows 10 was forced to use the drivers made for Windows 7 exclusively. I didn't even get drivers for Windows 8. My question was, am I affected with those obsolete drivers (which will never get any update)?
 

Cyler

> That's exactly why I commented in the first place! I won't be getting any update as my OEM dropped support in 2011!
>
> Um, seems like we ran into some misunderstanding here. I didn't say that I'm running Windows 10 for nearly a decade. I meant that my OEM hasn't released any driver/BIOS update since 2011 (End of support). Which means Windows 10 was forced to use the drivers made for Windows 7 exclusively. I didn't even get drivers for Windows 8. My question was, am I affected with those obsolete drivers (which will never get any update)?

I misunderstood your tone then. As for what you ask, can't be 100% sure without testing, but in general, since you are using drivers made for win 7 they might not be affected by this issue compared to drivers made for Windows 10 driver model. In your particular case you have nothing to be afraid of, as the attacker must a) have physical access to your PC and b) must have a malicious driver made for your specific device to replace the older driver, and since your device is old chances are he will have a hard time to code or find one. Sometimes we can be lucky even in a bad situation as not having newer drivers for devices.

May I ask what kind of device you are having a hard time finding drivers for? This particular exploit affects only drivers that interact with the kernel and/or BIOS, which are a very specific subset of all the devices out there. For example, USB printers are not affected by this.
 

Suvam4549

> May I ask what kind of device you are having a hard time finding drivers for? This particular exploit affects only drivers that interact with the kernel and/or BIOS, which are a very specific subset of all the devices out there. For example, USB printers are not affected by this.

I am using Intel i3 530 processor w/ iGPU on Intel's own board DH55TC. Intel removed access to the obsolete driver downloads last year. If you look up on Intel's site now, you'll get no drivers but a product discontinuation file. Windows always auto installs the latest drivers (2011) thankfully.

> a) have physical access to your PC and b) must have a malicious driver made for your specific device to replace the older driver, and since your device is old chances are he will have a hard time to code or find one.

Then I'm safe! :)
 

Cyler

> I am using Intel i3 530 processor w/ iGPU on Intel's own board DH55TC. Intel removed access to the obsolete driver downloads last year. If you look up on Intel's site now, you'll get no drivers but a product discontinuation file. Windows always auto installs the latest drivers (2011) thankfully.
>
> Then I'm safe! :)

You are absolutely right, the latest drivers are mostly from 2012 with some being as old as 2010 but they do work with Windows 10, at least most of the versions. That also means you are safe from this as far as mobo drivers go.
 