Intel, NVIDIA, AMD Vulnerable to Privilege Escalation Malware Attacks

Auer

https://www.techpowerup.com/258175/...rable-to-privilege-escalation-malware-attacks

"Cybersecurity research firm Eclypsium published a report titled "Screwed Drivers," chronicling a critical flaw in the design of modern device driver software from over 40 hardware manufacturers, which allows malware to gain privilege from Ring 3 to Ring 0 (unrestricted hardware access). The long list of manufacturers publishing drivers that are fully signed and approved by Microsoft under its WHQL program, includes big names such as Intel, AMD, NVIDIA, AMI, Phoenix, ASUS, Toshiba, SuperMicro, GIGABYTE, MSI, and EVGA. Many of the latter few names are motherboard manufacturers who design hardware monitoring and overclocking applications that install kernel-mode drivers into Windows for Ring-0 hardware-access."
 
Just don't ever connect to the internet with your PC. Problem solved.
 
Just don't ever connect to the internet with your PC.

Sadly, your solution is not algebraically possible. You see, you could remove the computer from the internet (computer - internet), but you can't remove pr0n from the internet (internet !- pr0n), and that means that the only solution is (computer - pr0n), which ... means something. I'm not really that good at algebra, but there's something there that doesn't work out somehow.


P.S. And Hampsterdance! Who could live without Hampsterdance? It's also the best place to order "How The Hampsters Saved Winter!" (now on DVD!!!)
 
2 computers, 1 hooked up to fresh pron, the other hooked up to storage of stale pron.

I3 for #1, Threadripper for #2.
 
2 computers, 1 hooked up to fresh pron, the other hooked up to storage of stale pron.

I3 for #1, Threadripper for #2.


 
You would think people would be into security but heck no.

It's at least a multi-week event for me to reset some lawyer's or doctor's email password because they fell for some phishing attack and typed their credentials into a THISISTOTTALYMICROSOFT.SCAM.JP site.

Recently I have made it my task to emphasize that all current emails are no longer confidential and the intruder is to be considered as having a copy of it and scanning it for SS, CC and passwords.
Because just saying he had full access does not ring a F3cking bell for these idiots.

Sometimes I wish there was an anonymous place where I could call out these breaches.
 
You would think people would be into security but heck no.

It's at least a multi-week event for me to reset some lawyer's or doctor's email password because they fell for some phishing attack and typed their credentials into a THISISTOTTALYMICROSOFT.SCAM.JP site.

Recently I have made it my task to emphasize that all current emails are no longer confidential and the intruder is to be considered as having a copy of it and scanning it for SS, CC and passwords.
Because just saying he had full access does not ring a F3cking bell for these idiots.

Sometimes I wish there was an anonymous place where I could call out these breaches.
I learned long ago as a mechanic and then as an auto body tech that there's a lot of job security and money to be made fixing the result of other peoples stupidity.
 
You would think people would be into security but heck no.

It's at least a multi-week event for me to reset some lawyer's or doctor's email password because they fell for some phishing attack and typed their credentials into a THISISTOTTALYMICROSOFT.SCAM.JP site.

Recently I have made it my task to emphasize that all current emails are no longer confidential and the intruder is to be considered as having a copy of it and scanning it for SS, CC and passwords.
Because just saying he had full access does not ring a F3cking bell for these idiots.

Sometimes I wish there was an anonymous place where I could call out these breaches.

These types of attacks involve compromised drivers with stolen security certificates. The issue is related to the fact that the apparent 'secure method' of installing hardware drivers has been compromised and is therefore, in every way, a flaw in the OS.

Furthermore, malware scans will do nothing. The only way to remove the infection is to format and reinstall as the malware has installed above that of super admin as a result of using stolen security certificates.
 
You would think people would be into security but heck no.

It's at least a multi-week event for me to reset some lawyer's or doctor's email password because they fell for some phishing attack and typed their credentials into a THISISTOTTALYMICROSOFT.SCAM.JP site.

Recently I have made it my task to emphasize that all current emails are no longer confidential and the intruder is to be considered as having a copy of it and scanning it for SS, CC and passwords.
Because just saying he had full access does not ring a F3cking bell for these idiots.

Sometimes I wish there was an anonymous place where I could call out these breaches.

Seems like mandatory annual training on phishing and security isn't taken seriously. Maybe raise it a notch and put stricter rules on inbound email which send obvious crap to oblivion while flagging everything from outside as being from outside with a visual mark.
All that along with restrictions when they make a bad move, especially on a honeypot email sent from yourself.

But I understand that lawyers and doctors may be harder to pressure, lol.
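The "visual mark on everything from outside" suggestion above, as an added example that is not part of the thread: an Exchange Online mail flow rule that prepends a subject tag and a banner to any message arriving from outside the organisation. It assumes an Exchange Online tenant and an existing session opened with Connect-ExchangeOnline; the rule name and banner wording are my own choices.

```powershell
# Added example, not from the thread. Assumes Connect-ExchangeOnline has already been run
# with an account holding Exchange Online mail-flow (transport rule) permissions.

# Tag external mail: subject prefix plus an HTML banner at the top of the body.
# Rule name and banner text are arbitrary choices for this example.
New-TransportRule -Name 'Tag external mail' `
    -FromScope NotInOrganization `
    -SentToScope InOrganization `
    -PrependSubject '[EXTERNAL] ' `
    -ApplyHtmlDisclaimerLocation Prepend `
    -ApplyHtmlDisclaimerText '<p style="color:#a00;font-weight:bold">This message came from outside the organisation. Do not enter your credentials on any page it links to.</p>' `
    -ApplyHtmlDisclaimerFallbackAction Wrap

# Confirm the rule exists and is enabled before relying on it.
Get-TransportRule -Identity 'Tag external mail' | Select-Object Name, State, Priority
```

Exchange Online also has a native external-sender tag for Outlook clients (`Set-ExternalInOutlook -Enabled $true`), which marks the message in the client without touching the subject or body; the transport rule above is the option that also survives forwarding and shows up in any mail client.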
 
These types of attacks involve compromised drivers with stolen security certificates. The issue is related to the fact that the apparent 'secure method' of installing hardware drivers has been compromised and is therefore, in every way, a flaw in the OS.

Furthermore, malware scans will do nothing. The only way to remove the infection is to format and reinstall as the malware has installed above that of super admin as a result of using stolen security certificates.

I am unsure why you are explaining the article. I can read it.
 
I am unsure why you are explaining the article. I can read it.

If phishing attacks are an issue regarding email credentials, stop using O365 and make use of Gsuite. Every compromised email account I've seen suffering from man in the middle attacks has involved O365.
 
These types of attacks involve compromised drivers with stolen security certificates. The issue is related to the fact that the apparent 'secure method' of installing hardware drivers has been compromised and is therefore, in every way, a flaw in the OS.

Furthermore, malware scans will do nothing. The only way to remove the infection is to format and reinstall as the malware has installed above that of super admin as a result of using stolen security certificates.


That.....is wrong. In every way.

Drivers can typically access ring0, and due to Windows drivers signing requirements, are also signed in most cases.

Drivers are also an exploit target for people who need to privilege escalate from a user to admin/system privileges. With the plethora of poorly written drivers, that have ring0 access, it should not be surprising that they are often vulnerable to exploit.

Malware can take advantage of this by using vulnerable drivers to get higher privileges, or sign their own bogus "drivers" (malware pretending to be legit).

Either way, if you get pwnd, nuke it from orbit.
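The post above describes the mechanism: signed drivers run in ring 0, and a poorly written one becomes a privilege-escalation path. An added example from the defender's side, not code from the thread or from Eclypsium's report: a PowerShell inventory of the running kernel drivers that records each driver's Authenticode status, signer and SHA-256 hash, and flags anything whose signature is not valid, whose signer is not Microsoft, or whose hash matches a locally maintained block list. The block-list entries below are placeholders (no real hashes); run it in an elevated PowerShell on Windows.

```powershell
# Added example, not from the thread. Run elevated on Windows.
# Hypothetical, locally maintained list of SHA-256 hashes of known-vulnerable drivers.
# The value below is a placeholder, not a real hash; populate it from your own source.
$KnownBadSha256 = @(
    'PLACEHOLDER_SHA256_OF_A_KNOWN_VULNERABLE_DRIVER'
)

function Resolve-DriverPath {
    param([string]$PathName)
    if (-not $PathName) { return $null }
    $p = $PathName.Trim('"')
    # Win32_SystemDriver reports NT-style paths for some drivers; normalise them to Win32 paths.
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }   # e.g. "system32\drivers\foo.sys"
    return $p
}

function Get-DriverSignatureReport {
    Get-CimInstance -ClassName Win32_SystemDriver |
      Where-Object { $_.State -eq 'Running' } |
      ForEach-Object {
        $path = Resolve-DriverPath $_.PathName
        if (-not $path -or -not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Name = $_.Name; Path = $_.PathName; Status = 'FileNotFound'
                               Signer = $null; Sha256 = $null; Flag = 'REVIEW: file not found' }
            return
        }
        $sig    = Get-AuthenticodeSignature -FilePath $path
        $hash   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

        # Flag order: block-list hit beats everything; then signature validity; then signer.
        $flag = 'OK'
        if ($sig.Status -ne 'Valid')          { $flag = "REVIEW: signature $($sig.Status)" }
        elseif ($signer -notmatch 'Microsoft') { $flag = 'REVIEW: third-party signer' }
        if ($KnownBadSha256 -contains $hash)   { $flag = 'BLOCKLISTED' }

        [pscustomobject]@{ Name = $_.Name; Path = $path; Status = $sig.Status
                           Signer = $signer; Sha256 = $hash; Flag = $flag }
      }
}

# Show only the drivers worth a second look; drop the filter to see the full inventory.
Get-DriverSignatureReport |
    Where-Object { $_.Flag -ne 'OK' } |
    Format-Table -AutoSize Name, Status, Signer, Flag
```

Two caveats on reading the output. A "Microsoft" signer is not a verdict: vendor drivers that go through WHQL or attestation signing carry a Microsoft Windows Hardware Compatibility Publisher signature, which is exactly the thread's point, so the hash comparison against a block list is the check that actually separates a vulnerable signed driver from a sound one. And inbox drivers are often catalog-signed rather than embedded-signed; how `Get-AuthenticodeSignature` reports those depends on the Windows and PowerShell version, so treat the report as a review list rather than a list of infections.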
 
If phishing attacks are an issue regarding email credentials, stop using O365 and make use of Gsuite. Every compromised email account I've seen suffering from man in the middle attacks has involved O365.

Do you mean man-in-the-middle attacks? It seems rather random in the two sentences you used the term in. Man-in-the-middle attacks are something completely different.
I've seen GSuite phishing attacks as well, and a solution that changes several thousand people's setup instead of educating them on phishing attacks seems rather suboptimal in my eyes.
That's like saying people should switch to Mac because it's less popular as a target platform.

You still didn't answer my question btw.
 