__/ [ Larry Qualig ] on Wednesday 14 June 2006 13:58 \__
> Roy Schestowitz wrote:
>> Intel: Driver flaws no major threat--yet
>>
>> ,----[ Quote ]
>> | Flaws in driver software may be worrisome and a potentially serious
>> | threat, but security experts at Intel see no need for alarm. At least,
>> | not yet.
>> |
>> | In a recent experiment, researchers at the Santa Clara, Calif.-based
>> | chipmaker searched for publicly known vulnerabilities in drivers for
>> | Microsoft's Windows operating system. They also hunted for malicious
>> | code that took advantage of those security holes. In particular, they
>> | wanted to find problems in kernel-level drivers and exploits that would
>> | give an attacker full rein over a vulnerable system.
>> `----
>>
>> http://news.zdnet.com/2100-1009_22-6083511.html
>
> The dishonest thread title has been corrected.
>
> <quote>
>
> In a recent experiment, researchers at the Santa Clara, Calif.-based
> chipmaker searched for publicly known vulnerabilities in drivers for
> Microsoft's Windows operating system. They also hunted for malicious
> code that took advantage of those security holes. In particular, they
> wanted to find problems in kernel-level drivers and exploits that would
> give an attacker full rein over a vulnerable system.
>
> The search came up almost empty.
>
> "It was difficult to find something that was useful for us," David
> Schulhoff, a senior information security specialist at Intel, said
> Monday in a presentation at the Computer Security Institute's annual
> NetSec event. "There really are not that many Windows kernel-mode
> driver vulnerabilities out there."
>
> Other security experts agree with Intel's assessment.
> </quote>
I only now realise that my cursory look at the title and the first paragraph
had me misled completely. Apologies about that one. having said that, I came
across sentences such as:
,----[ Quote ]
| Another problem was that many of issues found were old flaws in third-party
| software. "Actually getting the vulnerable code proved to be impossible,"
| he added.
|
| Also, many of the vulnerabilities Intel looked at were flaws that were
| local, meaning attackers had to have on-site access to the PC, and that
| allowed them only to elevate their system privileges. These issues can't
| be ignored, but aren't nearly as serious as vulnerabilities that let
| hackers commandeer a computer remotely.
|
| [...]
|
| Ultimately, Intel researchers found a vulnerability in a Microsoft driver
| called TCPIP.sys, a part of Windows. Microsoft provided a fix for that
| "critical" flaw in April last year, in security bulletin MS05-019.
| Malicious code for the security problem is publicly available.
|
| [...]
|
| Though Intel researchers didn't manage to commandeer a computer with
| kernel-level malicious code, that doesn't mean there is no need for people
| to be wary of such issues, Schulhoff said. On his Windows machine, he
| found 336 ".sys" driver files in the Windows System folder. Of those,
| 218 were created by Microsoft and 24 by other companies he would trust,
| he said--but 94 others were questionable.
|
| "That is certainly a concern. Who is putting this code on your system?
| And can you count on them to write secure code?" Schulhoff said. Also,
| he said it is not uncommon for developers to write drivers that don't
| access hardware, but perform some other task on the machine. That could
| mean more untrusted sources of driver code on a computer.
|
| [...]
|
| The threat level may change, the Intel experts said. However, that may
| take a while, since attackers likely will first exploit the low-hanging
| fruit--the vulnerabilities in other software that are easier to take
| advantage of than the device driver bugs, said Alan Ross, a lead security
| architect at Intel.
|
| "When device driver malware may come into play is once there are
| effective mitigations for the user mode stuff," he said. "But I don't
| even want to give a time frame."
`----
So it is not crystal clean, either. That said, the subject line was *not
deliberately* misleading. Again, I truthfully apologise.
|
|
