Device Drivers at Risk

Now there's another weak link to worry about: the device driver. The vulnerability in Microsoft's Windows Server Service revealed in yesterday's Patch Tuesday fixes was a chilling preview of the risks associated with today's device drivers. (See The Patch Race Is On.)

The hole in Windows Server Service is one of the first and most high-profile device-driver vulnerabilities to emerge, and it's a topic that's been near and dear for some time to David Maynor, senior security researcher for SecureWorks. Maynor, along with researcher and graduate student Jon Ellch, will give a presentation on device-driver vulnerabilities on August 2 at the Black Hat Conference in Las Vegas.

"In the last year, I've theorized that we will see a lot more of these types of device-driver attacks and this is one example" of the threat, Maynor says. Device-driver code is often written in a patchwork manner, typically by both hardware and software engineers and with no regard to security, he says. Plus there's no certification process for this code, so it can easily be manipulated.

Get the rest of the story at Dark Reading.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

Be the first to post a comment regarding this story.
Sign In