At the DEFCON 2019 conference, cybersecurity firm Eclypsium disclosed that more than 40 different drivers from 20 hardware vendors contained poor code that could potentially be exploited for an escalation of privilege attack.

https://www.neowin.net/news/more-than-40-windows-drivers-found-to-contain-privilege-of-escalation-vulnerabilities/

https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/

Even more worrisome, all these drivers had been certified by Microsoft. Microsoft clarified: “In order to exploit vulnerable drivers, an attacker would need to have already compromised the computer.” The list of companies affected includes major BIOS vendors as well as hardware manufacturers. However, the issue here is that an attacker who has compromised the system at Ring 3 in the above representation of privilege levels could then gain kernel access. To protect against bad drivers, Microsoft advises users to utilize “Windows Defender Application Control to block known vulnerable software and drivers.” It also stated, “Customers can further protect themselves by turning on memory integrity for capable devices in Windows Security.”
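
The following PowerShell audit is an added example, not part of the original article or of Microsoft's or Eclypsium's material. It reports whether the two mitigations Microsoft names (memory integrity and a code integrity policy) are active, then inventories running drivers that carry Microsoft's hardware certification signature, with SHA-256 hashes for comparison against a vulnerable-driver list. The signer-name filter string is an assumption about how that certificate's subject reads.

```powershell
# Added example: run in an elevated PowerShell session on the machine being audited.

# 1. Memory integrity (HVCI) and code integrity policy state from the Device Guard WMI class.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
if ($dg) {
    $ciState = @{ 0 = 'Off'; 1 = 'Audit'; 2 = 'Enforced' }
    [pscustomobject]@{
        # The value 2 in these arrays means hypervisor-enforced code integrity.
        MemoryIntegrityConfigured = $dg.SecurityServicesConfigured -contains 2
        MemoryIntegrityRunning    = $dg.SecurityServicesRunning -contains 2
        CodeIntegrityPolicy       = $ciState[[int]$dg.CodeIntegrityPolicyEnforcementStatus]
    } | Format-List
} else {
    Write-Warning 'Win32_DeviceGuard is not available on this system.'
}

# 2. Running kernel drivers with signer, signature status and file hash.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver -Filter "State='Running'" |
    Where-Object PathName |
    ForEach-Object {
        # PathName may carry an NT prefix (\??\) or the \SystemRoot\ alias; normalise it.
        $path = $_.PathName -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', "$($env:SystemRoot)\"
        if (Test-Path -LiteralPath $path) {
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            [pscustomobject]@{
                Name   = $_.Name
                Signer = $sig.SignerCertificate.Subject
                Status = $sig.Status
                SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                Path   = $path
            }
        }
    }

# 3. Third-party drivers certified by Microsoft: a valid signature here says who
#    signed the file, not that its code is safe to expose to Ring 3 callers.
#    Assumption: the certification signer's subject contains this string.
$drivers |
    Where-Object Signer -like '*Hardware Compatibility Publisher*' |
    Sort-Object Name |
    Format-Table Name, Status, SHA256, Path -AutoSize
```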