Comment by Wowfunhappy
18 hours ago
I found this part notable:
---
Let me ask you a question. How many vulnerable drivers (yes, those that can be abused by bad actors to gain kernel access) do you think the average gamer has on their Windows install? I’ll start with my own system. This is what I can immediately think of:
• MSI Afterburner - RTCore64.sys driver (yes, even in the latest version) has a vulnerability that allows any usermode process to read and write any kernel memory it wishes
• CPU-Z - cpuz142_x64.sys driver has (again) kernel memory read/write vulnerability and MSR register read/write
If I looked hard enough, I would most likely find more.
I didn't really get the point being made there. Yes, Windows kernel security posture is Swiss cheese, but that's not an argument for poking more holes.
Well, if nothing else, it makes me think that if you are doing truly security-sensitive work, you almost certainly need to get a separate computer for that. Whether or not you play any games with kernel-level anti-cheat, you probably have CPU-Z installed.
And if you're not doing something particularly sensitive, then security on consumer PCs must matter a lot less than some people think.
> Whether or not you play any games with kernel-level anti-cheat, you probably have CPU-Z installed.
The problem with these is actually worse. Any program with the necessary permissions can load these drivers. Some malware likes to ship known-vulnerable drivers with one of their later stages to get kernel code execution, and Microsoft doesn't want to revoke the signatures of this malware because applications and hardware will stop working.
You don't need CPU-Z to be installed, you just need to run a program that decided to bundle the (old) CPU-Z driver.
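
A defender's view of the point in the last comment, as an added example that is not part of the thread or the quoted article: it scans constructed driver-load records for the two driver file names quoted above and marks loads from user-writable paths. The record format, the path hints and the severity labels are assumptions, and matching on file name alone misses renamed copies (the page gives no hashes to match on).

```python
import ntpath

# Driver file names named in the quoted article (matched case-insensitively).
WATCHED_DRIVERS = {"rtcore64.sys", "cpuz142_x64.sys"}

# Assumption: path fragments suggesting the driver was dropped by a running
# program rather than placed by an installer. Tune for your environment.
USER_WRITABLE_HINTS = ("\\users\\", "\\temp\\", "\\programdata\\")

# Constructed sample records in a hypothetical "key=value|key=value" format.
SAMPLE_EVENTS = [
    r"host=PC-01|ImageLoaded=C:\Windows\System32\drivers\tcpip.sys",
    r"host=PC-01|ImageLoaded=C:\Program Files (x86)\MSI Afterburner\RTCore64.sys",
    r"host=PC-02|ImageLoaded=C:\Users\alice\AppData\Local\Temp\x\cpuz142_x64.sys",
    r"host=PC-03|ImageLoaded=C:\ProgramData\upd\RTCORE64.SYS",
    "malformed line without fields",
]

def parse_event(line):
    """Split 'k=v|k=v' into a dict; return None if ImageLoaded is missing."""
    fields = dict(p.split("=", 1) for p in line.split("|") if "=" in p)
    return fields if "ImageLoaded" in fields else None

def triage(lines):
    """Return findings for loads of watched drivers, with a location hint."""
    findings = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue  # skip records that cannot be interpreted
        path = event["ImageLoaded"]
        name = ntpath.basename(path).lower()
        if name not in WATCHED_DRIVERS:
            continue
        dropped = any(hint in path.lower() for hint in USER_WRITABLE_HINTS)
        findings.append({
            "host": event.get("host", "?"),
            "driver": name,
            "path": path,
            # "high": loaded from a user-writable path; "review": elsewhere.
            "severity": "high" if dropped else "review",
        })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f['severity']:6} {f['host']} {f['driver']} {f['path']}")
```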