Cybersecurity researchers on Tuesday disclosed details about a high-severity flaw in the HP OMEN driver software that affects tens of millions of gaming computers worldwide, leaving them open to an array of attacks.
Tracked as CVE-2021-3437 (CVSS score: 7.8), the vulnerabilities could allow threat actors to escalate privileges to kernel mode without requiring administrator permissions, allowing them to disable security products, overwrite system components, and even corrupt the operating system.
Cybersecurity firm SentinelOne, which discovered and reported the shortcoming to HP on February 17, said it found no evidence of in-the-wild exploitation. The computer hardware company has since released a security update to its customers to address these vulnerabilities.
The issues themselves are rooted in a component called OMEN Command Center that comes pre-installed on HP OMEN-branded laptops and desktops and can also be downloaded from the Microsoft Store. The software, in addition to monitoring the GPU, CPU, and RAM via a vitals dashboard, is designed to help fine-tune network traffic and overclock the gaming PC for faster computer performance.
“The problem is that HP OMEN Command Center includes a driver that, while ostensibly developed by HP, is actually a partial copy of another driver full of known vulnerabilities,” SentinelOne researchers said in a report shared with The Hacker News.
“In the right circumstances, an attacker with access to an organization’s network may also gain access to execute code on unpatched systems and use these vulnerabilities to gain local elevation of privileges. Attackers can then leverage other techniques to pivot to the broader network, like lateral movement.”
The driver in question is HpPortIox64.sys, which derives its functionality from OpenLibSys-developed WinRing0.sys, a problematic driver that emerged as the source of a local privilege escalation bug in EVGA Precision X1 software (CVE-2020-14979, CVSS score: 7.8) last year.
“WinRing0 allows users to read and write to arbitrary physical memory, read and modify the model-specific registers (MSRs), and read/write to IO ports on the host,” researchers from SpecterOps noted in August 2020. “These features are intended by the driver’s developers. However, because a low-privileged user can make these requests, they present an opportunity for local privilege escalation.”
The core issue stems from the fact that the driver accepts input/output control (IOCTL) calls without implementing any kind of ACL enforcement, thus allowing bad actors unrestricted access to the aforementioned features, including the ability to overwrite a binary that is loaded by a privileged process and ultimately run code with elevated privileges.
“To reduce the attack surface provided by device drivers with exposed IOCTL handlers, developers should enforce strong ACLs on device objects, verify user input and not expose a generic interface to kernel mode operations,” the researchers said.
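The three recommendations above, as an added illustration that is not code from HP, OpenLibSys or SentinelOne: a constructed, portable C model of an IOCTL dispatcher that checks the caller's access first, refuses to expose a generic physical-memory primitive, validates buffer lengths, and restricts MSR access to an allow-list. The IOCTL codes, status codes, simulated MSR storage and the `caller_is_admin` flag (standing in for the device object's DACL, which a real driver sets via a restrictive SDDL passed to IoCreateDeviceSecure) are all assumptions of this model.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdbool.h>
/* Constructed model of a driver IOCTL dispatcher; not HP's or OpenLibSys's code. */
enum { IOCTL_READ_MSR = 0x801, IOCTL_WRITE_MSR = 0x802,
       IOCTL_READ_PHYS_MEM = 0x803, IOCTL_WRITE_PHYS_MEM = 0x804 };
enum { ST_OK = 0, ST_ACCESS_DENIED, ST_INVALID_PARAM, ST_NOT_SUPPORTED };
typedef struct { uint32_t msr; uint64_t value; } msr_req_t;
typedef struct {
    bool caller_is_admin;       /* stands in for the device object's DACL decision */
    uint32_t code;
    const void *in;  size_t in_len;
    void *out;       size_t out_len;
} ioctl_req_t;
/* Allow-list of the only MSRs the application needs; slots hold simulated values. */
static const uint32_t allowed_msrs[] = { 0x198 /* IA32_PERF_STATUS */, 0x19C /* IA32_THERM_STATUS */ };
static uint64_t g_msr[2] = { 0x1234, 0x5678 };

static int msr_slot(uint32_t msr) {
    for (size_t i = 0; i < sizeof allowed_msrs / sizeof allowed_msrs[0]; i++)
        if (allowed_msrs[i] == msr) return (int)i;
    return -1;
}

int hardened_dispatch(const ioctl_req_t *r) {
    /* 1. ACL: a real driver gets this from a restrictive SDDL given to IoCreateDeviceSecure. */
    if (!r->caller_is_admin) return ST_ACCESS_DENIED;
    /* 2. No generic physical-memory (or IO-port) primitive is exposed at all. */
    if (r->code == IOCTL_READ_PHYS_MEM || r->code == IOCTL_WRITE_PHYS_MEM) return ST_NOT_SUPPORTED;
    if (r->code != IOCTL_READ_MSR && r->code != IOCTL_WRITE_MSR) return ST_INVALID_PARAM;
    /* 3. Validate lengths before touching buffers; copy once so the caller cannot race. */
    if (!r->in || r->in_len < sizeof(msr_req_t)) return ST_INVALID_PARAM;
    msr_req_t req; memcpy(&req, r->in, sizeof req);
    int slot = msr_slot(req.msr);
    if (slot < 0) return ST_INVALID_PARAM;          /* not on the allow-list */
    if (r->code == IOCTL_WRITE_MSR) { g_msr[slot] = req.value; return ST_OK; }
    if (!r->out || r->out_len < sizeof(uint64_t)) return ST_INVALID_PARAM;
    memcpy(r->out, &g_msr[slot], sizeof(uint64_t));
    return ST_OK;
}

/* Helper to exercise one request; the value read (if any) is kept in g_last_read. */
static uint64_t g_last_read;
uint64_t last_read(void) { return g_last_read; }
int request(bool admin, uint32_t code, uint32_t msr, uint64_t value, size_t in_len) {
    msr_req_t req = { msr, value };
    ioctl_req_t r = { admin, code, &req, in_len, &g_last_read, sizeof g_last_read };
    return hardened_dispatch(&r);
}
```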
The findings mark the second time WinRing0.sys has come under the lens for causing security issues in HP products.
In October 2019, SafeBreach Labs revealed a critical vulnerability in HP Touchpoint Analytics software (CVE-2019-6333), which comes bundled with the driver, thereby potentially allowing threat actors to leverage the component to read arbitrary kernel memory and effectively allowlist malicious payloads via a signature validation bypass.
Following the disclosure, enterprise firmware security company Eclypsium, as part of its “Screwed Drivers” initiative to compile a repository of insecure drivers and shed light on how they can be abused by attackers to gain control over Windows-based systems, dubbed WinRing0.sys a “wormhole driver by design.”
The discovery is also the third in a series of security vulnerabilities affecting software drivers that have been uncovered by SentinelOne since the start of the year.
Earlier this May, the Mountain View-based company disclosed details about multiple privilege escalation vulnerabilities in Dell’s firmware update driver named “dbutil_2_3.sys” that went undisclosed for more than 12 years. Then in July, it also made public a high-severity buffer overflow flaw affecting “ssport.sys” and used in HP, Xerox, and Samsung printers that was found to have remained undetected since 2005.