Drivers are an essential group of files that allow hardware components to communicate with the computer's operating system (OS). If an attacker successfully exploits a kernel-based driver, the user might as well sign the OS over to the attacker.
This article details driver security in Windows 10, including fundamentals of driver signature enforcement, driver security threat modeling, the Windows 10 driver security checklist and driver security challenges.
Driver security fundamentals
Driver security is a trade-off between security and usability. The two must be balanced so that the level of security implemented is appropriate while the usability of the driver remains high enough to satisfy the user. Open, high-usability profiles contribute to recurring security issues with Microsoft products.
Just like in other versions of Windows, users must have administrator privileges to install drivers in Windows 10. These drivers must also come from trusted sources (and even this may not keep a Windows 10 system safe from the driver security issues discussed below).
Vulnerabilities within drivers plague information security professionals, and the problem is exacerbated by the fact that Windows 10 drivers run in kernel mode. Kernel-mode drivers operate in ring 0 on an x86 system, so if an attacker exploits such a driver, the whole OS could be compromised.
For those needing clarification on this point: most device drivers operate one ring above, in ring 1, which is separated from the lower-level rings for security purposes because those rings house components more central to the system. If they are attacked or go down, your system is in major trouble.
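One practical way to act on the two points above (drivers must come from trusted sources, and kernel-mode drivers run at the most privileged level) is to inventory the kernel drivers registered on a Windows 10 host and check how each one is signed. The script below is an added example, not code from the original article; it relies only on the built-in `Get-CimInstance` and `Get-AuthenticodeSignature` cmdlets, and the helper names (`Resolve-DriverPath`, `Get-KernelDriverSignatureReport`) are this example's own.

```powershell
# Added example (not from the original article): list kernel-mode drivers registered
# on this host and report the Authenticode signature status of each driver file, so
# unsigned or unexpectedly signed drivers stand out for review.

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver reports paths in several forms; normalise them to a file path.
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                             # strip the \??\ prefix
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot             # \SystemRoot\... -> C:\Windows\...
    $p = $p -replace '^system32\\', "$env:SystemRoot\System32\"   # relative system32\... paths
    return $p
}

function Get-KernelDriverSignatureReport {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.ServiceType -eq 'Kernel Driver' } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            $status = 'FileNotFound'
            $signer = '<none>'
            if (Test-Path -LiteralPath $path) {
                $sig    = Get-AuthenticodeSignature -LiteralPath $path
                $status = $sig.Status        # Valid, NotSigned, HashMismatch, UnknownError, ...
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
            [pscustomobject]@{
                Name      = $_.Name
                State     = $_.State         # Running / Stopped
                StartMode = $_.StartMode     # Boot / System / Auto / Manual / Disabled
                Path      = $path
                Status    = $status
                Signer    = $signer
            }
        }
}

# Caveat: many Windows inbox drivers carry no embedded signature and are signed via a
# security catalog instead, so NotSigned here means "no embedded Authenticode signature",
# not necessarily "untrusted"; confirm those against the catalog before acting.
Get-KernelDriverSignatureReport |
    Sort-Object { $_.Status -eq 'Valid' }, Name |   # non-Valid entries first
    Format-Table Name, State, StartMode, Status, Signer -AutoSize
```

Run it from an elevated PowerShell prompt; entries whose Status is HashMismatch, or whose Signer is a third party you do not recognise, are the ones worth checking against the vendor's published driver package.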
Security updates for drivers are automatically downloaded in Windows 10, which is the default setting for nearly all updates. However, Windows 10 users may need to manually install driver updates that have not downloaded and (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/RwP-BWrfgCY/