1. Threat Overview
Threat: Vulnerable Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for, making them exploitable. Affected: Windows systems with vulnerable drivers. Attack vector: Driver-oriented vulnerability research and exploitation.
2. Key Intelligence Points
1. Researchers used the Windows Driver Kit (WDK) and the Driver Verifier tool to analyze and exploit vulnerable drivers.
2. The exploitability of individual driver findings is often hardware-gated, but researchers found a way to interact with drivers from user mode without the required hardware.
3. The attack chain involves using the Driver Verifier tool to identify vulnerable drivers and then exploiting them using user-mode code.
4. Detection opportunities include monitoring system calls and registry modifications related to driver installation and configuration.
3. MITRE ATT&CK Techniques
T1210 - Exploit Public-Facing Application
4. Mitigation & Detection
Update to the latest Windows Driver Kit (WDK) and Driver Verifier tool to ensure you have the latest security patches and features. Implement a driver whitelisting policy to restrict the installation of unsigned drivers.