back to article Don't miss this patch: Bad Intel drivers give hackers a backdoor to the Windows kernel

Nearly three months after infosec biz Eclypsium highlighted widespread security weaknesses in third-party Windows hardware drivers, you can now add Intel to the list of vendors leaving holes in their all-powerful low-level code. In a follow-up report to its August DEF CON presentation, Eclypsium found that not only are those …

  1. Duncan Macdonald Silver badge
    Trollface

    One way

    To avoid the Intel driver problems - use an AMD system instead !!!

    1. Scott 1

      Re: One way

      That sounds great, until a vuln turns up in AMD's drivers. I'm not slinging hate, btw; my home computer is a Ryzen 7. I'm just trying to stay realistic.

      1. NoneSuch Silver badge
        Mushroom

        Re: One way

        "In the meantime, users and admins are advised to protect themselves as best they can by avoiding software from untrusted sources and making sure their firmware and drivers are fully up-to-date and patched."

        Says in the article this IS trusted software signed by MS. The cycle of flawed software > patch > Oops flawed software again > patch etc. is getting really hard to swallow day after day after day. Either the core tools that make these programs is flawed, the people who write this stuff are morons, or deliberate holes are being created by unknown actors for back door access. None of those options is assuring.

        Whenever I see "Trusted Installer" in the process list, I shiver. I don't fekking trust it. They have abused my trust too often to put that title on a process and not have me laughing until I cry. Control over our personal computers and devices is slipping daily and it will not end well.

        1. Cronus

          Re: One way

          You don't have to be a moron when it comes to windows device drivers. They're not exactly trivial pieces of software to write.

          1. Michael Wojcik Silver badge

            Re: One way

            True, but that doesn't mean they're not also riddled with bugs that could be avoided or detected by better development practices, such as better coding standards, code reviews, and static code analysis.

            Much of the driver source I've seen has ranged from poor to execrable.

    2. david 12 Silver badge

      Re: One way

      To quote from one report "Too many trusted Windows 10 peripheral drivers, ... are riddled with exploitable security vulnerabilities"

      Peripheral drivers. Intel network cards, wireless, Bluetooth etc. Not just the motherboard, and perhaps not the processor chipset at all.

      Still pwned dude.

  2. Claverhouse Silver badge
    Mushroom

    Trust Me. I'm a Microsoftie

    As was noted in that DEF CON presentation by Jesse Michael and Mickey Shkatov, vulnerabilities in drivers are a huge risk because the code typically runs at the lowest levels in an operating system, has access to peripherals, storage, and applications, and thus if exploited, will grant miscreants total control over a machine. The drivers are also signed off by Microsoft and are therefore trusted by the operating system.

    In one of their Scooby-Doo raids in the past to keep out BSDs, Linux etc. etc., didn't poor old Microsoft call this sort of thing, 'Trusted Computing' ?

    1. Snowy Silver badge
      Holmes

      Re: Trust Me. I'm a Microsoftie

      In the same way a country with democratic in its named is not democratic , anything with Trusted in its named is not to be Trusted?

      1. David 132 Silver badge
        Trollface

        Re: Trust Me. I'm a Microsoftie

        ...and any political party with the words "Liberal" or "Democrat" in their name is neither liberal nor democratic?

        (trollface icon - light touchpaper, stand well back, watch fireworks)

        1. Archtech Silver badge

          Re: Trust Me. I'm a Microsoftie

          I must admit that I voted for the Conservative Party for many years just because I thought it was conservative.

          That's what they call "hiding in plain sight".

          1. Anne-Lise Pasch

            Re: Trust Me. I'm a Microsoftie

            I once considered voting for Labour... but it seemed like it involved hard work. *badum tish*

      2. Archtech Silver badge

        Re: Trust Me. I'm a Microsoftie

        And a country with a "ministry of justice" or "justice department" has no justice.

        The pattern is clear.

        Much the same holds good in business. Here in the UK, it is generally understood that any new housing development called "Lakeside" is out of sight of open water, and a place called "the Coppice" is entirely treeless.

        1. Archtech Silver badge

          Re: Trust Me. I'm a Microsoftie

          "As a state gets corrupt, its laws multiply; the most corrupt states have the most numerous laws".

          - Tacitus (Annales 3:27)

        2. scrubber

          Re: Trust Me. I'm a Microsoftie

          The United Kingdom has not had a King for over 60 years. And it's not very united.

        3. Daytona955

          Re: Trust Me. I'm a Microsoftie

          Or, or rather than being beside, the lake will appear *inside* your shiny new floodplain-located home shortly after you've completed the purchase...

          1. John Brown (no body) Silver badge
            Facepalm

            Re: Trust Me. I'm a Microsoftie

            Judging by a photo of a building site where a new housing estate is going up near Doncaster, anyone who bought "off plan" may be regretting it now. I suspect they may have problems selling those new houses. The builders need waders, not wellies to work there.

        4. John Smith 19 Gold badge
          Coat

          "The pattern is clear." housing development called "Lakeside" is out of sight of open water

          Not always.

          My British friends tell me "Waterfront" is usually a euphemism for "next to a canal."

      3. Tigra 07 Silver badge
        Facepalm

        Re: Trust Me. I'm a Microsoftie

        "In the same way a country with democratic in its named is not democratic"

        Next you'll be telling me the Democratic People's Republic of Korea isn't really Democratic. They have elections you know? There's only one name on the ballot, but still, it's an election none-the-less.

        1. Archtech Silver badge

          Re: Trust Me. I'm a Microsoftie

          Ah, but isn't it much more elegant to offer two parties - and encourage the most violent and energetic campaigning between them and their supporters - provided you have previously ensured that both, if elected, will carry out the same policies?

    2. Sandtitz Silver badge
      Stop

      Re: Trust Me. I'm a Microsoftie

      "In one of their Scooby-Doo raids in the past to keep out BSDs, Linux etc. etc., didn't poor old Microsoft call this sort of thing, 'Trusted Computing' ?"

      Trusted Computing includes many things, not just the TPM part. Trusted Computing Group was formed by AMD, Intel, MS, HP and IBM (according to Wikipedia). Are you sure they're not all conspiring against 'BSD, Linux etc. etc.'?

      I remember conspiracy theories how TPM chip was going to end Linux usage. Obviously didn't happen, but people here still are scared by with its magic sauce. Just like AMD and Intel are not open yet everyone are using them without a second thought.

      The same arguments with TPM were (re-)used with ACPI (Linux support was patchy when introduced), UEFI (same) and Secure Boot as well. I don't think any of those affected Linux usage at all since ACPI computers still had APM, BIOS support is/was still there and Secure Boot can be toggled on/off, and it was toggled off many times because people and companies wanted to run Win7 instead of Win8.

      1. Zippy´s Sausage Factory

        Re: Trust Me. I'm a Microsoftie

        TPM is actually banned in Russia. I have a feeling that's because they suspect TPM can be used to remotely brick the computers of a foreign power should the US government decide so to do.

        You may think their suspicions are valid, I couldn't possibly comment.

      2. Paul Crawford Silver badge

        Re: Trust Me. I'm a Microsoftie

        Are you sure they're not all conspiring against 'BSD, Linux etc. etc.'?

        They are all conspiring against us, the computer owners.

        All of those features like secure boot can be useful and helpful, but also very simple to deploy against the end user's freedom to do as they want with the machine. Can you boot your choice of OS on any of MS' ARM-based tablets yet, you know the ones that MS no longer support?

        Also the key issue of UEFI is it is so fsking complex it is bound to have bugs, probably due to adding all the code for "easier use" (compared to text-mode BIOS interfaces). Add to that the secretive God-mode engine management sort of blobs lurking deep in your system and anyone who really cares about privacy or security is bound to be worried.

    3. LDS Silver badge

      Re: Trust Me. I'm a Microsoftie

      A signed driver just ensures it's from what it says it is - if it's an Intel driver you know it's the original Intel driver and not something else. But it's not a quality assurance.

      WHQL drivers may undergo more extensive testing for functional quality, but I doubt they are tested for security.

      It's not different from a Linux package signature - it only ensures where the code is from, not that it is bug free and doesn't contain vulnerabilities.

      1. Anonymous Coward
        Anonymous Coward

        Re: Trust Me. I'm a Microsoftie

        "WHQL drivers may undergo more extensive testing for functional quality, but I doubt they are tested for security."

        I'm assuming the drivers in question are WHQL approved due to being a backdoor into Windows.

        If the story was "WHQL drivers focus on stability instead of security - this needs to change" I suspect we would have had more understanding and less confusion about what to expect from drivers.

        No third-party assessment << third-party assessment and testing << secure drivers

    4. TeeCee Gold badge
      Meh

      Re: Trust Me. I'm a Microsoftie

      The key difference is that, with an Open Source O/S, after a vuln is found in a kernel mode driver and the system's been pwnd, you can look at the source and say; "Fuck me. Somebody should have spotted that obvious cockup.".

  3. Gene Cash Silver badge

    Pah, I have Linux!

    I have holes in systemd and sendmail to worry about...

    1. Roger Kynaston
      Happy

      Re: Pah, I have Linux!

      at least sendmail is easy to deal with - postfix! :-)

      1. CrazyOldCatMan Silver badge

        Re: Pah, I have Linux!

        sendmail is easy to deal with - Qmail!

        There - fixed that for you..

        (Mind you - qmail works in a *very* different fashion to sendmail/postfix/exim et. al.)

  4. Anonymous Coward
    Anonymous Coward

    This needs a name...

    I suggest 'Back door battery'. I leave the actual logo to someone else, but you could always start with the 'Paris' icon and see where it takes you.

  5. joeW Silver badge

    "users and admins are advised to protect themselves as best they can by avoiding software from untrusted sources"

    Not much help in this case, surely?

    1. cosymart
      Meh

      What we need is a computer sized condom especially when poking strange things :-)

      1. Tigra 07 Silver badge
        Trollface

        Protect your ports people!

        https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fblog.chinavasion.com%2Fwp-content%2Fuploads%2F2014%2F08%2F3656823-data-security-concept-condom-over-usb-cable-e1409303258308.jpg&f=1&nofb=1

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019