HP OMEN Gaming Hub Flaw Impacts Thousands and thousands of Home windows Computer systems

HP OMEN Gaming Hub

Cybersecurity researchers on Tuesday disclosed particulars a couple of high-severity flaw within the HP OMEN driver software program that impacts hundreds of thousands of gaming computer systems worldwide, leaving them open to an array of assaults.

Tracked as CVE-2021-3437 (CVSS rating: 7.8), the vulnerabilities may permit risk actors to escalate privileges to kernel mode with out requiring administrator permissions, permitting them to disable safety merchandise, overwrite system elements, and even corrupt the working system.

Cybersecurity agency SentinelOne, which found and reported the shortcoming to HP on February 17, stated it discovered no proof of in-the-wild exploitation. The pc {hardware} firm has since launched a security update to its clients to handle these vulnerabilities.

The problems themselves are rooted in a part referred to as OMEN Command Center that comes pre-installed on HP OMEN-branded laptops and desktops and can be downloaded from the Microsoft Retailer. The software program, along with monitoring the GPU, CPU, and RAM by way of a vitals dashboard, is designed to assist fine-tune community site visitors and overclock the gaming PC for quicker pc efficiency.

“The issue is that HP OMEN Command Middle features a driver that, whereas ostensibly developed by HP, is definitely a partial copy of one other driver stuffed with recognized vulnerabilities,” SentinelOne researchers said in a report shared with The Hacker Information.

“In the proper circumstances, an attacker with entry to a company’s community can also achieve entry to execute code on unpatched methods and use these vulnerabilities to realize native elevation of privileges. Attackers can then leverage different methods to pivot to the broader community, like lateral motion.”

The motive force in query is HpPortIox64.sys, which derives its performance from OpenLibSys-developed WinRing0.sys — a problematic driver that emerged because the supply of a neighborhood privilege escalation bug in EVGA Precision X1 software program (CVE-2020-14979, CVSS rating: 7.8) final yr.

“WinRing0 permits customers to learn and write to arbitrary bodily reminiscence, learn and modify the model-specific registers (MSRs), and skim/write to IO ports on the host,” researchers from SpecterOps noted in August 2020. “These options are supposed by the motive force’s builders. Nonetheless, as a result of a low-privileged person could make these requests, they current a possibility for native privilege escalation.”

The core concern stems from the truth that the motive force accepts enter/output management (IOCTL) calls with out making use of any form of ACL enforcement, thus permitting dangerous actors unrestricted entry to the aforementioned options, together with capabilities to overwrite a binary that is loaded by a privileged course of and finally run code with elevated privileges.

“To scale back the assault floor offered by machine drivers with uncovered IOCTLs handlers, builders ought to implement robust ACLs on machine objects, confirm person enter and never expose a generic interface to kernel mode operations,” the researchers stated.

The findings mark the second time WinRing0.sys has come underneath the lens for inflicting safety points in HP merchandise.

In October 2019, SafeBreach Labs revealed a essential vulnerability in HP Touchpoint Analytics software program (CVE-2019-6333), which comes included with the motive force, thus doubtlessly permitting risk actors to leverage the part to learn arbitrary kernel reminiscence and successfully allowlist malicious payloads by way of a signature validation bypass.

Following the disclosure, enterprise firmware safety firm Eclypsium — as a part of its “Screwed Drivers” initiative to compile a repository of insecure drivers and make clear how they are often abused by attackers to realize management over Home windows-based methods — dubbed WinRing0.sys a “wormhole driver by design.”

The invention can be the third in a collection of safety vulnerabilities affecting software program drivers which have been uncovered by SentinelOne for the reason that begin of the yr.

Earlier this Might, the Mountain View-based firm revealed particulars about a number of privilege escalation vulnerabilities in Dell’s firmware replace driver named “dbutil_2_3.sys” that went undisclosed for greater than 12 years. Then in July, it additionally made public a high-severity buffer overflow flaw impacting “ssport.sys” and utilized in HP, Xerox, and Samsung printers that was discovered to have remained undetected since 2005.

Source link