Critically Vulnerable Windows Drivers Identified

  • Researchers have identified 34 new vulnerable Windows drivers that could allow threat actors to manipulate system processes and even completely take over devices without detection by security software.
  • The research focused on automating the identification of vulnerable drivers that allow access through port and memory-mapped I/O.

Security researchers at VMware Carbon Black have identified a large number of vulnerable Windows Driver Frameworks (WDF) and Windows Driver Model (WDM) drivers that threat actors could leverage to execute code and escalate their privileges on the system without being detected by security software.

The discovery comes from research that builds on studies such as POPKORN and ScrewedDrivers and that VMware Carbon Black used primarily to automate the identification of susceptible drivers that allow access through memory-mapped and port I/O.

According to the research, out of 34 vulnerable drivers, 12 could be manipulated to affect mechanisms such as kernel address space layout randomization (KASLR). At the same time, six could grant access to kernel memory, allowing the elevation of privileges…