PC USERS could be unaware of a new threat lurking within their machines.

Experts have found vulnerabilities in three drivers that can be abused to attack the central component of Windows.

The issue was spotted in signed kernel drivers, after hundreds of tests.

These are mostly exploited by game cheat developers to circumvent anti-cheat mechanisms.

But they have also been used by several advanced persistent threat groups and in malware that is easily available to purchase.

Cyber security boffins warn it is the “unguarded gateway to Windows’ core”.

“Although there are several mechanisms employed by the CPU and/or the operating system, most of them can be bypassed with some clever techniques and are not very effective if the attacker prepares for them ahead of time,” said ESET’s Peter Kalnai, who led the research.

Experts have detailed several known cyber threats that have made use of the malicious technique, dubbed Bring Your Own Vulnerable Driver (BYOVD).

These include Slingshot, InvisiMole and RobbinHood.

“Vulnerable drivers have been a known problem for a long time and have been abused by the game-cheating community and malware authors alike, and while some effort has been made to mitigate the effects, it is still an ongoing battle,” Michal Poslusny, malware researcher at ESET, said.

“It seems that all the responsible parties involved want to solve this problem – the vendors we contacted were incredibly proactive during the disclosure process, eager to fix the vulnerabilities we uncovered.

“Microsoft is trying to strengthen the operating system from the inside.

“And last but not least, third-party security vendors are trying to come up with clever ways to detect and mitigate such drivers themselves.

“However, it seems that there is still a piece missing – a common, unified way of handling these issues including more thorough ‘disarming’ of the drivers, whether by revoking or blocklisting their certificates, or some public, shared blocklists adopted by the security companies.”


This post first appeared on Thesun.co.uk
