Screwed Drivers - New Vulnerabilities Found in Windows Drivers

Presented by

Jesse Michael and Mickey Shaktov, Principal Researchers, Eclypsium

About this talk

Drivers that provide access to system BIOS or system components for the purposes of updating firmware, running diagnostics, or customizing options on the component can allow attackers to turn the very tools used to manage a system into powerful threats that can escalate privileges and persist invisibly on the host. There are multiple examples of attacks in the wild that take advantage of this class of vulnerable drivers, such as the Slingshot APT or LoJax malware campaigns. Research conducted by Eclypsium found that the problem of insecure drivers is widespread, affecting more than 40 drivers from at least 20 different vendors* – including every major BIOS vendor, as well as hardware vendors like ASUS, Toshiba, NVIDIA, and Huawei. However, the widespread nature of these vulnerabilities highlights a more fundamental issue – all the vulnerable drivers we discovered have been certified by Microsoft. In this webinar, Eclypsium researchers Jesse Michael and Mickey Shaktov will teach you how these drivers work, show you the unbelievable risk they pose, and discuss methods that security professionals can use to protect their organizations from device driver vulnerabilities. This webinar will reveal new information on additional drivers impacted by this design flaw, which were undisclosed when Eclypsium's earlier research into Screwed Drivers was presented at DEF CON.

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (50)
Subscribers (3177)
Eclypsium is the industry’s leading enterprise firmware protection platform - providing a new layer of security to protect your IT infrastructure from firmware attacks. Eclypsium defends enterprises and government agencies from vulnerabilities and threats hidden within firmware that are invisible to most organizations today.