Takahiro Haruyama, a security researcher at VMware Carbon Black, discovered and documented 34 vulnerabilities in Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) drivers for older devices. Some of the vulnerable drivers affect products from AMD, Intel, NVIDIA, Dell and Phoenix Technologies.
According to the available data, exploiting the discovered vulnerabilities could allow attackers to gain complete control of the attacked system. The researcher created PoC exploits for some of the vulnerabilities to demonstrate how they can be used to modify the BIOS or escalate system privileges.
Some of the vulnerable drivers have expired signatures, but the list also includes drivers with valid signatures. More details about the researcher’s work, along with the IDAPython script that automates the search for vulnerable drivers, can be found on the VMware developer blog.
The researcher is also known to have notified the vendors whose products are affected about the discovered vulnerabilities. Although several months have passed since then, only AMD and Phoenix Technologies have released patches for the identified vulnerabilities in the two drivers with valid signatures.