Merry Hackmas: multiple vulnerabilities in MSI’s products
This blog post serves as an advisory for a couple MSI’s products that are affected by multiple high-severity vulnerabilities in the driver components they are shipped with.All the vulnerabilities are triggered by sending specific IOCTL requests and will allow to:Directly interact with physical memory via the MmMapIoSpace function call, mapping physical memory into a virtual address user-space.Read/write Model-Specific Registers... Driver Buddy Reloaded
As part of Yarix's continuous security research journey, during this year I’ve spent a good amount of time reverse-engineering Windows drivers and exploiting kernel-mode related vulnerabilities.While in the past there were (as far as I know), at least two good IDA plugins aiding in the reverse engineering process:DriverBuddy of NCC Group.win_driver_plugin of F-Secure.unfortunately, nowadays, they are both rusty, out... Crucial’s MOD Utility LPE – CVE-2021-41285
Crucial Ballistix MOD Utility is a software product that can be used to customize and control gaming systems, specifically LED colours and patterns, memory, temperature, and overclock.During my vulnerability research, I’ve discovered that this software utilizes a driver, MODAPI.sys, containing multiple vulnerabilities and allowing an attacker to achieve local privilege escalation from a low privileged user to NT AUTHORITY\SYSTEM.Advisory...