Device Drivers at Risk
The hole in Windows Server Service is one of the first and most high-profile device-driver vulnerabilities to emerge, and it's a topic that's been near and dear for some time to David Maynor, senior security researcher for SecureWorks. Maynor, along with researcher and graduate student Jon Ellch, will give a presentation on device-driver vulnerabilities on August 2 at the Black Hat Conference in Las Vegas.
"In the last year, I've theorized that we will see a lot more of these types of device-driver attacks and this is one example" of the threat, Maynor says. Device-driver code is often written in a patchwork manner, typically by both hardware and software engineers and with no regard to security, he says. Plus there's no certification process for this code, so it can easily be manipulated.
Get the rest of the story at Dark Reading.
— Kelly Jackson Higgins, Senior Editor, Dark Reading