Researchers at VMware Carbon Black have discovered and documented 34 vulnerabilities in legacy tools for Windows that could allow attackers to gain full control. The vulnerabilities affect drivers from companies such as Intel, AMD, Nvidia, Dell and Phoenix Technologies.
The vulnerabilities are in driver software, BIOS or operating system for legacy devices, leaving the system open to various attacks that can allow criminals to change the control code, remove some I/O instructions, and so on.
Researcher Takahiro Haruyama has published proof-of-concept code for some of the vulnerabilities on his blog and on GitHub. He also called on vendors to take responsibility for managing the fixes. The expert found that an unprivileged user can run cmd.exe with the integrity process on Windows 11 with HVCI (Hypervisor-Protected Code Integrity).
According to him, Phoenix Technologies and AMD have already fixed the vulnerabilities in the two drivers whose signatures are still valid. Intel also fixed a vulnerability in the stdcdrv64.sys driver. Windows users should make sure their drivers are up to date and have a valid certificate.
They should also avoid downloading drivers from untrusted sites and avoid disabling Hypervisor-Protected Code Integrity (HVCI), which can prevent malicious drivers from running.
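
One way to check both recommendations on a Windows machine, as an added example that is not taken from the research or from any vendor: it reports whether HVCI is running and lists running kernel drivers whose signature does not verify. The function names are hypothetical; the cmdlets and WMI classes are standard Windows ones.

```powershell
# Added example: defensive audit of HVCI state and driver signatures.
# Function names below are illustrative, not part of any vendor tool.

function Get-HvciState {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if (-not $dg) { return 'Unknown (Win32_DeviceGuard not available)' }
    # Value 2 in these arrays denotes Hypervisor-Protected Code Integrity.
    if ($dg.SecurityServicesRunning -contains 2)    { return 'Running' }
    if ($dg.SecurityServicesConfigured -contains 2) { return 'Configured, not running' }
    return 'Off'
}

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver can report NT-style prefixes; normalize to a Win32 path.
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    if ($p -match '^\\SystemRoot\\') { $p = Join-Path $env:SystemRoot $p.Substring(12) }
    if ($p -match '^system32\\')     { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-DriverSignatureReport {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            if (-not (Test-Path -LiteralPath $path)) {
                [pscustomobject]@{ Name = $_.Name; Path = $path; Status = 'FileNotFound'
                                   Signer = $null; CertExpires = $null }
                return   # continue with the next driver
            }
            $sig = Get-AuthenticodeSignature -FilePath $path
            [pscustomobject]@{
                Name        = $_.Name
                Path        = $path
                Status      = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
                Signer      = $sig.SignerCertificate.Subject
                CertExpires = $sig.SignerCertificate.NotAfter
            }
        }
}

"HVCI: $(Get-HvciState)"
Get-DriverSignatureReport | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Name | Format-Table Name, Status, CertExpires, Path -AutoSize
```

A `Valid` status only confirms the signature; it does not show that a driver is a fixed version, so driver versions still need to be compared against the vendors' updates.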