MADRID, Oct. 17 (Portaltic/EP) –
Thousands of computers with Windows operating system were at risk of being infected by ‘malware’ for almost three years due to an alleged failure of the Microsoft drivers, which would have stopped working correctly.
The controllers are files that a computer’s operating system uses to communicate with external hardware and devices. These include printers, graphics cards, webcams, and other peripherals.
To work, the controllers need access to the kernel of the operating system or kernel of the computer and each of them is required to be signed as secure, which indicates that the communication is protected.
In the event that a controller that presents this digital certificate and, in turn, has a ‘bug’ or security error, cybercriminals can exploit it, directly access the system and control the victim’s device.
This is the risk to which Windows users would have been exposed, developed by Microsoft, which would not have been able to adequately protect computers with this operating system from malicious drivers for almost three years.
According to a report by Ars Technica, Windows would have put its users in danger by not updating its block list in Windows Updatewhich adds and monitors new drivers to make sure they are safe and free of vulnerabilities .
To manage them, Microsoft uses the Hypervisor-Protected Code Integrity (HVIC), which comes by default on various Microsoft devices and which protects the system against malicious drivers. However, this system would not have worked properly in the last three years, so users would have been exposed to cyberattacks.
Specifically, Ars Technica cites the malicious software injection technique known as BYOVD, that makes it easy for cybercriminals to gain administrative control of the system and bypass Windows kernel protections.
This malware is characterized in that it does not write an exploit from scratch to infect devices, but instead allows hackers to install third-party drivers with known vulnerabilities and directly access some of the most secure areas of the system.
To prove this fault in the HVICthe aforementioned medium has turned to the senior vulnerability analyst at ANALYGENCE, Will Dormann, which found that it had no problem loading a malicious driver (WinRing0) on a device with Microsoft’s security system. All this, despite the fact that this driver was included in the driver block list.
Later, Dormann discovered that this ‘blocklist’ had not been updated since 2019 and that attack surface reduction (ASR) features also did not protect systems against rogue drivers.
In this way, for almost three years, cybercriminals they could have loaded drivers malicious in Windows systems due to the total lack of protection of their systems.
From Ars Technica they point out that a Microsoft project manager, Jeffrey Sutherlandhas responded to Dormann’s posts on Twitter and has admitted that there had been problems in the process of updating the blocked driver list.
“We are solving the problems with our service process that has prevented devices from receiving updates to our policy”, added this manager on said social network.
In addition, he has shared a tool which allows Windows 10 users a tool to deploy the corresponding updates on the list of blocked drivers.
At the moment, Microsoft has not clarified what could be causing this error in its HVCI protection system nor has it made any reference to the number of users who would have been exposed to these attacks.
#Microsoft #exposed #users #malware #attacks #years #due #bug #drivers