Hi [[ session.user.profile.firstName ]]

Screwed Drivers - New Vulnerabilities Found in Windows Drivers

Drivers that provide access to system BIOS or system components for the purposes of updating firmware, running diagnostics, or customizing options on the component can allow attackers to turn the very tools used to manage a system into powerful threats that can escalate privileges and persist invisibly on the host. There are multiple examples of attacks in the wild that take advantage of this class of vulnerable drivers, such as the Slingshot APT or LoJax malware campaigns.

Research conducted by Eclypsium found that the problem of insecure drivers is widespread, affecting more than 40 drivers from at least 20 different vendors* – including every major BIOS vendor, as well as hardware vendors like ASUS, Toshiba, NVIDIA, and Huawei. However, the widespread nature of these vulnerabilities highlights a more fundamental issue – all the vulnerable drivers we discovered have been certified by Microsoft.

In this webinar, Eclypsium researchers Jesse Michael and Mickey Shaktov will teach you how these drivers work, show you the unbelievable risk they pose, and discuss methods that security professionals can use to protect their organizations from device driver vulnerabilities.

This webinar will reveal new information on additional drivers impacted by this design flaw, which were undisclosed when Eclypsium's earlier research into Screwed Drivers was presented at DEF CON.
Recorded Nov 14 2019 60 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Jesse Michael and Mickey Shaktov, Principal Researchers, Eclypsium
Presentation preview: Screwed Drivers - New Vulnerabilities Found in Windows Drivers

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Screwed Drivers - New Vulnerabilities Found in Windows Drivers Recorded: Nov 14 2019 60 mins
    Jesse Michael and Mickey Shaktov, Principal Researchers, Eclypsium
    Drivers that provide access to system BIOS or system components for the purposes of updating firmware, running diagnostics, or customizing options on the component can allow attackers to turn the very tools used to manage a system into powerful threats that can escalate privileges and persist invisibly on the host. There are multiple examples of attacks in the wild that take advantage of this class of vulnerable drivers, such as the Slingshot APT or LoJax malware campaigns.

    Research conducted by Eclypsium found that the problem of insecure drivers is widespread, affecting more than 40 drivers from at least 20 different vendors* – including every major BIOS vendor, as well as hardware vendors like ASUS, Toshiba, NVIDIA, and Huawei. However, the widespread nature of these vulnerabilities highlights a more fundamental issue – all the vulnerable drivers we discovered have been certified by Microsoft.

    In this webinar, Eclypsium researchers Jesse Michael and Mickey Shaktov will teach you how these drivers work, show you the unbelievable risk they pose, and discuss methods that security professionals can use to protect their organizations from device driver vulnerabilities.

    This webinar will reveal new information on additional drivers impacted by this design flaw, which were undisclosed when Eclypsium's earlier research into Screwed Drivers was presented at DEF CON.
Enterprise Firmware Security
Eclypsium is the industry’s leading enterprise firmware protection platform - providing a new layer of security to protect your IT infrastructure from firmware attacks. Eclypsium defends enterprises and government agencies from vulnerabilities and threats hidden within firmware that are invisible to most organizations today.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Screwed Drivers - New Vulnerabilities Found in Windows Drivers
  • Live at: Nov 14 2019 6:00 pm
  • Presented by: Jesse Michael and Mickey Shaktov, Principal Researchers, Eclypsium
  • From:
Your email has been sent.
or close