Skip to main content

Over 40 Drivers Could Let Hackers Install Persistent Backdoor On Windows PCs.If you own a device, or a hardware component, manufactured by ASUS, Toshiba, Intel, NVIDIA, Huawei, or other 15 other vendors listed below, you're probably screwed.


A team of security researchers has discovered high-risk security vulnerabilities in more than 40 drivers from at least 20 different vendors that could allow attackers to gain most privileged permission on the system and hide malware in a way that remains undetected over time, sometimes for years.

For sophisticated attackers, maintaining persistence after compromising a system is one of the most important tasks, and to achieve this, existing hardware vulnerabilities sometimes play an important role.


One such component is a device driver, commonly known as a driver or hardware driver, a software program that controls a particular type of hardware device, helping it to communicate with the computer's operating system properly.

Since device drivers sit between the hardware and the operating system itself and in most cases have privileged access to the OS kernel, a security weakness in this component can lead to code execution at the kernel layer.

This privilege escalation attack can move an attacker from user mode (Ring 3) to OS kernel-mode (Ring 0), as shown in the image, allowing them to install a persistent backdoor in the system that a user would probably never realize.

windows driver hacking

Discovered by researchers at the firmware and hardware security firm Eclypsium, some of the new vulnerabilities could allow arbitrary read/write of kernel memory, model-specific registers (MSRs), Control Registers (CR), Debug Registers (DR), and physical memory.

"All these vulnerabilities allow the driver to act as a proxy to perform highly privileged access to the hardware resources, which could allow attackers to turn the very tools used to manage a system into powerful threats that can escalate privileges and persist invisibly on the host," the researchers explain in their report titled 'Screwed Drivers.'

"Access to the kernel can not only give an attacker the most privileged access available to the operating system, it can also grant access to the hardware and firmware interfaces with even higher privileges such as the system BIOS firmware."

Since malware running in the user space can simply scan for a vulnerable driver on the victim machine to compromise it, attackers don't have to install their own vulnerable driver, installing which otherwise requires system administrator privileges.


All the vulnerable drivers, as listed below, uncovered by the researchers, have been certified by Microsoft.

American Megatrends International (AMI)

ASRock

ASUSTeK Computer

ATI Technologies (AMD)

Biostar

EVGA

Getac

GIGABYTE

Huawei

Insyde

Intel

Micro-Star International (MSI)

NVIDIA

Phoenix Technologies

Realtek Semiconductor

SuperMicro

Toshiba

The list also includes three more hardware vendors which researchers did not name yet, as they are "still under embargo due to their work in highly regulated environments and will take longer to have a fix certified and ready to deploy to customers."

"Some vulnerable drivers interact with graphics cards, network adapters, hard drives, and other devices," researchers explain. "Persistent malware inside these devices could read, write, or redirect data stored, displayed, or sent over the network. Likewise, any of the components could be disabled as part of a DoS or ransomware attack."


Device driver flaws can be more dangerous than other application vulnerabilities because it allows an attacker access to the "negative" firmware rings that lie beneath the operating system and maintain persistence on the device, even if the operating system is completely reinstalled, just like in case of LoJax malware.

Researchers have reported these vulnerabilities to the affected vendors, of which some, including Intel and Huawei, have already released patch updates and issued a security advisory.

Besides this, researchers have also promised to soon release a script on GitHub that would help users find wormhole drivers installed on their systems, along with proof-of-concept code, video demonstrations, and links to vulnerable drivers and tools.



Comments

Post a Comment

Popular posts from this blog

More Than 100 Angry Youths Chased Maracha District Officials Out of Site Meeting Over Corruption.

📸: Some of the angry Youths displaying placards as others walked in to stop the ongoing meeting by Maracha District officials. Story by Osuta Yusuf. Maracha District. 3-February-2025. 📸: Kololo Public Seed Secondary School whose construction project has again stalled. Photo by Osuta Yusuf, Our News Reporter. The angry youths from Vurra Parish, Tara Sub-county in Maracha East constituency, Maracha District have on Monday 3-Feb-2025 chased the entire Maracha District officials out of a site meeting in Kololo Seed Secondary over allegations of corruption stemming from the stalled seed school construction project. Key Maracha District officials who went for the site meeting on Monday 3-Feb-2025 include, the Security department headed by the deputy RDC Koliba Monica Kotevu and Assistant RDC Collins Dramani, the LC5 Chairperson Hon Obitre Stephen together with his DEC Councilors, the accounting  / technical department headed by the CAO Mr Olila Patrick, the Engi...
Post a Comment
Read more

Ambassador Angualia Richard Perished in a Fatal Accident.

Story by Osuta Yusuf. Arua City. 29-7-2025. 📸: Portrait of Ambassador Angualia Richard. Courtesy Photo. Former Uganda's Ambassador to Egypt, Ambassador Angualia Louis Richard has been reported dead this evening 5pm 28-7-2025 after he was involved in a head-on collision accident with another motorcycle rider near Abi Farm, Ayivu East Constituency in Arua City. 📸: Photos from the scene of the Accident. Courtesy Photos. He met his death this evening while riding on a Bajaj Motorcycle. Amb. Angualia, who contested in 2011 for Maracha County but lost to Hon Alex Onzima Adrooa. In 2016 when two Constituencies were created in Maracha District, carving Maracha Constituency and Maracha East constituency, Ambassador Angualia contested for Maracha Constituency MP position in 2016 but lost to Hon Oguzu Lee Denis. Ambassador Angualia later shifted to contest in Maracha East Constituency but again lost to Hon Ruth Lematia Molly Ondoru during the 4-September-2020...
1 comment
Read more

Lab Student Drowned, Body Missing in Rokoze Lake in Nyadri Sub-county, Maracha District.

Maracha District.  5-December-2025. 📸: Residents gathered around the lake as they searched the missing body of the student. Photo by #Information_is_Power's news reporter.  This afternoon Friday 5-December-2025, a student from St Joseph Laboratory Training School in Maracha hospital, a one  Araku Denis drowned in Rokoze water body in Nyadri Sub-county and the  body has not been retrieved upto this night as the police and residents searched for it and in vain but they are expected to resume retrieving it tomorrow Saturday 6-December-2025. 📸: Photo of the deceased which we captured on his phone screen this night. Araku and his fellow students had  reportedly gone to pass time at water point after completing exams papers of today. Him and callagues got attracted to swimming at water body where he perished.  By press time, efforts to retrieve his body proved futile as the body remains invisible on water surface.  Rokoze water body...
Post a Comment
Read more