In August, Eclypsium researchers found multiple serious vulnerabilities in more than 40 device drivers from tens of vendors, including AMI, ASRock, ASUS, ATI, Biostar, EVGA, Getac, Gigabyte, Huawei,
The experts warn that the vulnerabilities that can be exploited by attackers to deploy persistent backdoor on vulnerable systems.
The experts pointed out that since they reported the issued to the vendor, only Intel and Huawei addressed them with patches and advisories, while Insyde and Phoenix provided patches to their OEM customers.
According to Eclypsium, Intel addressed a vulnerability in its PMx Driver (PMxDrv). The vulnerability could be exploited to have full access to the devices. The driver implements a superset of all the
“This level of access can provide an attacker with near-omnipotent control over a victim device. Just as importantly, this capability has been included as a staple component of many Intel ME and BIOS related
Experts recommend users and organizations to enable Hypervisor-protected Code Integrity (HVCI) for devices that support the feature.
This option will only work with 7th generation or newer processor, new processor features such as mode-based execution control, this means it will not possible to enable HVCI on many devices.
The only universally effective possible consist of blocking or blacklisting old,
“The only universally available option possible today is to block or blacklist old, known-bad drivers. To this end, we would like to specifically commend the response of Insyde Software, a UEFI firmware vendor. Of the 19 vendors we notified early this summer, Insyde is the only vendor to date to proactively contact Microsoft and ask that the old version of the driver be blocked.” concludes the report. “Due to this request, Windows Defender will proactively quarantine the vulnerable version of the driver so it can’t cause damage to the system.”