‘Exploiting WDM Audio Drivers’

Summary

‘For those researchers who are interested in the driver security and also for driver writers, the paper ‘Exploiting WDM Audio Drivers’ has been released.

This paper explains an attack vector inherent to certain WDM audio drivers running on Windows Vista, XP, 2000 and 2003. Successful exploitation could lead to local escalation of privileges.

The paper also covers the interesting case of es1371mp.sys, a vulnerable WDM driver that can be automatically installed through Windows Update, on systems with Ensoniq PCI 1371 based SoundCards (Certain VMware products emulate a soundcard of this type).’

Credit:

‘The information has been provided by Ruben Santamarta.
The original article can be found at: http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=54


Details

Conclusion:
Writing secure drivers (secure code really) is not an easy task, there are dozens of important concepts involved, moreover a strong knowledge of the OS you are programming for is highly recommended. There is a method for modeling risks in complex systems known as the Swiss Cheese Theory . This model is widely used in Aeronautical Industry and is also suitable for analyzing risk factors within the IT security Industry. Imagine several slices of Swiss Cheese, with all those tiny holes, each of these slices is a layer that is potentially avoiding that the threat can go forward through the holes, finally reaching the last stage of system. If all the layers fail, the whole system gets compromised and you may face an airplane crashing, a building collapsing or an attacker taking the control of your computer. This paper is the story of what happens when all those ‘cheese’ layers fails.’

Categories: Reviews