Intel has released a security update to fix critical vulnerabilities in its PMx driver, which could enable attackers to gain near-total control over targeted Windows systems.
These vulnerabilities were discovered by firmware security vendor Eclypsium in August, as part of a project that aimed to review the general state of Windows kernel driver security.
At that time, the researchers disclosed nearly 40 bugs in kernel drivers from 17 hardware vendors, but refrained from releasing details about three vulnerabilities in Intel’s drivers.
Intel released fixes for two issues impacting Intel Computing Improvement Programme and Intel Processor Identification Utility in the same month. However, the third vulnerability, which affected the 32- and 64-bit versions the PMx Driver (PMxDrv) and was somewhat more complex, took nearly three months to be fully fixed.
Intel’s PMxDrv drivers are used in the chipmaker’s detection tools to uncover other vulnerabilities. They are also used to update Intel-based BIOS firmware, which is loaded ahead of the Windows OS.
The researchers found that the PMx driver was extremely capable and enjoyed read/write access to various parts of the system hardware, including processor registers, physical memory, peripheral component interconnect bus, global descriptor table and interrupt descriptor table.
“This level of access can provide an attacker with near-omnipotent control over a victim device,” Eclypsium researchers wrote in a blog post.
Intel has advised administrators and users to install patched versions of the drivers as earliest as possible as the capabilities of unpatched drivers can potentially be abused by attackers to reach deep into the kernel.
- Cybersecurity Fund to be Introduced in 2019 Budget – Finance Minister, Hon. Ken Ofori-AttaFinance minister, Ken Ofori-Atta has revealed that government would be introducing yet another fund- the Cyber Security Fund, as part of the … Read More
- Zipline ‘flies’ to the rescue of GhanaiansMany Ghanaians near and far have in a way or the other fallen into the cruel hands of death for many reasons … Read More
- Uber Drivers up for the new tipping feature-GhanaUber Ghana answer prayers of its drivers to embed tipping feature to the application. The option to tip Uber drivers in Ghana … Read More
Intel has also updated its firmware for the Baseboard Management Controller (BMC), which is used for monitoring of computers and servers via separate channels.
The latest version fixes 14 vulnerabilities in multiple server and compute node products, many of which could allow attackers to launch denial of service attacks or disclose confidential information stored on the target system.
One critical vulnerability, which is indexed as CVE-2019-11171, could be exploited to cause heap corruption in the BMC firmware.
Eclypsium said its research into vulnerable drivers is ongoing, and that it is currently “working with additional vendors as part of our responsible disclosure process.”
“Users and organizations should consider enabling Hypervisor-protected Code Integrity (HVCI) for devices that support the feature,” it added.
“We will continue to analyze this important area and provide updates in coordination with affected vendors.”