Microsoft's own mistake may have left users at risk of malware attacks
Date:
Mon, 17 Oct 2022 18:09:05 +0000
Description:
A driver blocklist, meant to stop attackers from loading known-vulnerable drivers,
had not been updated for years
FULL STORY ======================================================================
Microsoft appears to have finally addressed an issue that left Windows users exposed to a well-known class of malware attack.
The technique is called Bring Your Own Vulnerable Driver, or BYOVD for short. It revolves around attackers installing older, legitimately signed drivers with known vulnerabilities on target endpoints. Because the driver is a genuine signed binary, installing it will not trigger antivirus alarms; exploiting its flaw then gives the attackers a foothold (the driver's kernel privileges) from which to deliver a more dangerous payload.
However, the researchers aren't happy with how the company addressed the issue, as it would seem Microsoft only created a one-time fix for a problem that needs continuous support.

No updates
The number of BYOVD attacks rose significantly in the past couple of months, prompting Ars Technica to investigate whether Microsoft's solution to the problem (which it promotes under the Secured-core PC banner) works as intended. That's when they realized the list hadn't been updated in quite some time.
"But as I was reporting on the North Korean attacks mentioned above, I wanted to make sure this heavily promoted driver-blocking feature was working as advertised on my Windows 10 machine," Ars Technica's Dan Goodin writes. "Yes, I had memory integrity turned on in Windows Security > Device security > Core isolation, but I saw no evidence that a list of banned drivers was periodically updated."
Microsoft dismissed the initial findings as irrelevant, but as other researchers chimed in, it later changed its stance, saying it was fixing "the issues with our servicing process which has prevented devices from receiving updates to the policy," Goodin added.
"The vulnerable driver list is regularly updated, however we received feedback there has been a gap in synchronization across OS versions," Microsoft was quoted as saying. "We have corrected this and it will be serviced in upcoming and future Windows Updates. The documentation page will be updated as new updates are released."
While Microsoft had claimed it solved the problem with a driver blocklist that is constantly updated, researchers discovered that the company had not updated the list in roughly three years. In other words, vulnerable drivers discovered in the last 24 to 36 months had not been added to the blocklist, and threat actors could still load them on machines whose owners believed the protection was in place.
Microsoft has since released a new tool that allows Windows 10 users to deploy blocklist updates that had been pending for three years. "But this is a one-time update process; it is not yet clear if Microsoft can or will push automatic updates to the driver blocklist through Windows Update," Goodin concluded.
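The story's practical lesson is that a protection being "turned on" says nothing about whether its blocklist is current. The PowerShell snippet below is an added example for this page (not code from TechRadar, Ars Technica or Microsoft) that an administrator could run to see whether memory integrity (HVCI) is actually running and how old the local driver blocklist policy is. It assumes the documented Win32_DeviceGuard WMI class, the VulnerableDriverBlocklistEnable registry value under HKLM\SYSTEM\CurrentControlSet\Control\CI\Config (only present on newer builds), and the policy file path driversipolicy.p7b under System32\CodeIntegrity; verify those names against Microsoft's current documentation for your build before relying on the output.

```powershell
# Added example, not part of the original article or of Microsoft's tooling.
# Reports whether the protections discussed in the story are active on this
# machine and when the shipped driver blocklist policy was last changed.
#
# Assumptions (verify against current Microsoft docs for your build):
#   - Win32_DeviceGuard (namespace root\Microsoft\Windows\DeviceGuard) exposes
#     SecurityServicesRunning (2 = HVCI, the "Memory integrity" toggle) and
#     VirtualizationBasedSecurityStatus (2 = running).
#   - Newer builds mirror the blocklist toggle at
#     HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config\VulnerableDriverBlocklistEnable.
#   - The shipped blocklist policy lives at
#     $env:windir\System32\CodeIntegrity\driversipolicy.p7b.
# Run from an elevated PowerShell prompt.

function Get-DriverBlocklistStatus {
    [CmdletBinding()]
    param(
        # Flag the policy as stale beyond this age. The gap in the story was
        # roughly three years, so anything over a year deserves a look.
        [int]$MaxPolicyAgeDays = 365
    )

    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction Stop

    # SecurityServicesRunning is an array; 2 means HVCI is live.
    $hvciRunning = [bool]($dg.SecurityServicesRunning -contains 2)
    $vbsRunning  = ($dg.VirtualizationBasedSecurityStatus -eq 2)

    # Explicit blocklist switch (assumed name, newer builds only). On older
    # builds the value is absent and the blocklist rides along with HVCI.
    $ciConfig = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $toggle = (Get-ItemProperty -Path $ciConfig -Name VulnerableDriverBlocklistEnable `
                -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable
    $toggleText = if ($null -eq $toggle) { 'not present (older build?)' } else { $toggle }

    # Age of the shipped policy file (assumed path). A years-old timestamp is
    # exactly the symptom the article describes.
    $policyPath = Join-Path $env:windir 'System32\CodeIntegrity\driversipolicy.p7b'
    $policy = Get-Item -Path $policyPath -ErrorAction SilentlyContinue
    $lastWrite = if ($policy) { $policy.LastWriteTime } else { 'missing' }
    $ageDays = if ($policy) { [int]((Get-Date) - $policy.LastWriteTime).TotalDays } else { $null }
    $stale = ($null -eq $ageDays) -or ($ageDays -gt $MaxPolicyAgeDays)

    [pscustomobject]@{
        VbsRunning             = $vbsRunning
        MemoryIntegrityRunning = $hvciRunning
        BlocklistToggle        = $toggleText
        PolicyFile             = $policyPath
        PolicyLastWrite        = $lastWrite
        PolicyAgeDays          = $ageDays
        PolicyStale            = $stale
    }
}

Get-DriverBlocklistStatus | Format-List
```

If MemoryIntegrityRunning is True but PolicyStale is also True, the machine is in the state Goodin describes: the feature is switched on, yet the list it enforces may predate the drivers attackers are currently abusing. Treat the timestamp as a prompt to compare against Microsoft's published block rules rather than as proof of protection.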
Via: Ars Technica
======================================================================
Link to news story:
https://www.techradar.com/news/microsofts-own-mistake-may-have-left-users-at-risk-of-malware-attacks/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)