Vulnerabilities in Windows Drivers Exploited by Cybercriminals

🔧 Research Highlights Vulnerabilities in Windows Drivers Exploited by Cybercriminals. A recent study presented at the AVAR conference reveals the increasing use of the Bring Your Own Vulnerable Driver (BYOVD) technique by threat actors to exploit known vulnerabilities in Windows drivers. The research identifies three primary payloads used in these attacks: local privilege escalation, loading unsigned kernel code, and bypassing endpoint detection and response (EDR) tools. Notably, ransomware groups have adopted BYOVD tactics to disable security measures and facilitate attacks. Despite improvements in Windows security, legacy drivers remain a significant risk, necessitating ongoing vigilance and the implementation of best practices to mitigate potential threats. The study emphasizes the importance of monitoring driver load events and utilizing blocklists to protect against known vulnerabilities.
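
As an added example (not code from the study or from this newsletter), the sketch below shows the driver-load monitoring and blocklist check mentioned above. It assumes load events are collected as Sysmon Event ID 6 XML; the events, file paths and hash values are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed placeholder digests, not real driver hashes.
BLOCKLIST_SHA256 = {"a" * 64, "b" * 64}

def _event(image, hashes, event_id=6):
    """Build a constructed Sysmon-style event record for the demo."""
    return (
        f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
        f'<EventData><Data Name="ImageLoaded">{image}</Data>'
        f'<Data Name="Hashes">{hashes}</Data>'
        f'<Data Name="Signed">true</Data></EventData></Event>'
    )

# Constructed sample input: a clean driver, a blocklisted driver, a non-driver event.
SAMPLE_EVENTS = [
    _event(r"C:\Windows\System32\drivers\good.sys", "SHA256=" + "C" * 64),
    _event(r"C:\Users\Public\old_vendor.sys", "MD5=" + "0" * 32 + ",SHA256=" + "A" * 64),
    _event(r"C:\Temp\tool.exe", "SHA256=" + "B" * 64, event_id=1),
]

def parse_hashes(field):
    """Turn 'MD5=..,SHA256=..' into {'MD5': '..', 'SHA256': '..'} with lower-cased digests."""
    out = {}
    for part in (field or "").split(","):
        algo, sep, digest = part.partition("=")
        if sep:
            out[algo.strip().upper()] = digest.strip().lower()
    return out

def blocked_driver_loads(events_xml, blocklist):
    """Return (image path, sha256) for each driver-load event whose hash is blocklisted."""
    hits = []
    for raw in events_xml:
        root = ET.fromstring(raw)
        # Only Event ID 6 (driver loaded) is relevant; other event types are skipped.
        if root.findtext("e:System/e:EventID", namespaces=NS) != "6":
            continue
        data = {d.get("Name"): d.text for d in root.iterfind("e:EventData/e:Data", NS)}
        sha256 = parse_hashes(data.get("Hashes")).get("SHA256")
        if sha256 in blocklist:
            hits.append((data.get("ImageLoaded"), sha256))
    return hits

if __name__ == "__main__":
    for image, digest in blocked_driver_loads(SAMPLE_EVENTS, BLOCKLIST_SHA256):
        print(f"ALERT blocklisted driver loaded: {image} sha256={digest}")
```

Hash matching only catches drivers already on the list, so it complements rather than replaces an enforced blocklist on the endpoint.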
