Buggy Windows Kernel Drivers Cause Security Failure!

Posted on May 17, 2010 at 9:31 pm by Donna Warren

First, a little background is necessary. Most of the applications running on the Windows operating systems are extremely complex programs. To find a way around having to wait for Microsoft to create sufficient APIs (Application Programming Interfaces) to allow the software to use the processor more efficiently, software vendors began to make direct modifications to the user and kernel code data structure. These modifications are called “hooks”. A typical program may use as many as a hundred “hooks” to provide the user functionality of the program.

The problem stems from the fact that many of the vendors did a poor job of implementing their kernel and user mode hooks. As a result, security holes were created in the operating system.

Why is there a Problem?

These hook functions are exported by many of the operating system’s dynamic link libraries such as kernel32.dll, user32.dll, advapi32.dll and ntdll.dll. When multiple hooks are being used simultaneously, it allows a malicious program to use the libraries hooks and bypass all the security controls designed to prevent that from happening.

This problem was first discovered way back in 2007 and most of the major software vendors’ improved their kernel mode drivers and eliminated the problem, at least with their software. The problem is that many did not continue to maintain the quality of their drivers with each software and operating system upgrade so the problem has resurfaced and affects window XP SP3, Vista SP1 on 32-bit platforms and windows 7 on both 32-bit and 54-bit platforms.

“Wait a Minute”, You Say, “I have a Question?”

If independent security testers and hackers can discover these problems, why can’t the software vendors find them when they are doing security testing on their software?

My Opinion

You ask a very good question. Personally, I think security is the last thing on the software vendor’s agenda. They are focused on releasing the product and have the attitude that they can fix any problems later with patches and service packs.

This attitude could make the software company go out of business unless they happen to make security software that is designed to correct these kind of problems. The bad thing is that it leaves us, the users, with PCs that can be easily hacked.

Microsoft, isn’t there something you can do to help us?

Comments are closed.