Every major BIOS vendor has ongoing issues relating to insecure drivers, according to a report by Eclypsium.
“Drivers that provide access to system BIOS or system components for the purposes of updating firmware, running diagnostics, or customizing options on the component can allow attackers to turn the very tools used to manage a system into powerful threats that can escalate privileges and persist invisibly on the host,” said Eclypsium.
The report also found that insecure drivers were present in hardware from large vendors such as ASUS, Toshiba, Nvidia, and Huawei.
“The widespread nature of these vulnerabilities highlights a more fundamental issue – all the vulnerable drivers we discovered have been certified by Microsoft,” the report stated.
Eclypsium said that it has engaged Microsoft to offer solutions to these vulnerabilities – including the blacklisting of drivers known to be insecure.