BYOVD: Vulnerable Drivers Exploitable Without Hardware

Colleagues, I’d like to draw your attention to a cybersecurity article demonstrating that many Windows drivers remain reachable from user mode without the corresponding hardware.
- Core: kernel vulnerabilities can be made exploitable by manipulating driver initialization (AddDevice, device objects).
- Practice: creating software PnP devices (devcon/SetupAPI, SoftwareDevice), forcing driver binding and reordering filter drivers.
- Limits: hardware probe checks usually require kernel-mode (KM) components or a hypervisor.
Why it matters: it expands the set of BYOVD candidates and necessitates monitoring for 'fake' devices and for changes to UpperFilters/LowerFilters.
What detection and prevention measures would you prioritise?
#cybersecurity #drivers #BYOVD #infosec
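One way to operationalise the monitoring the post calls for, as an added example (not code from the article or from the post's author): a PowerShell script that snapshots every class-level UpperFilters/LowerFilters value under the Class registry key, diffs it against a stored baseline on later runs, and lists devices enumerated by the ROOT and SWD (Software Device) enumerators, optionally only those installed recently. The baseline file location, the hypothetical helper names and the lookback window are assumptions; PowerShell 5.1 or later on Windows is assumed.

```powershell
# Added example, not from the original post. Detects changes to class filter drivers
# and lists software/root-enumerated PnP devices, which is where a fake device created
# via devcon/SetupAPI or the SoftwareDevice API would appear.
$ClassRoot    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class'
$BaselinePath = Join-Path $env:ProgramData 'class-filter-baseline.json'   # assumed location

function Get-ClassFilters {
    # One record per (class GUID, UpperFilters|LowerFilters) with a non-empty value.
    Get-ChildItem -Path $ClassRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        foreach ($name in 'UpperFilters', 'LowerFilters') {
            $value = $props.$name                     # REG_MULTI_SZ -> string[]
            if ($value) {
                [pscustomobject]@{
                    ClassGuid  = $_.PSChildName
                    ClassName  = $props.Class
                    FilterType = $name
                    Drivers    = ($value -join ';')   # order matters: filter stack order
                }
            }
        }
    }
}

function Compare-ClassFilters {
    # First run writes the baseline; later runs warn on any added, removed or reordered entry.
    param([string]$Path = $BaselinePath)
    $current = @(Get-ClassFilters)
    if (-not (Test-Path $Path)) {
        $current | ConvertTo-Json | Set-Content -Path $Path
        Write-Output "Baseline written to $Path ($($current.Count) filter entries)."
        return
    }
    $baseline = @(Get-Content -Path $Path -Raw | ConvertFrom-Json)
    $fmt = { param($o) "$($o.ClassGuid)|$($o.FilterType)|$($o.Drivers)" }
    $diff = Compare-Object -ReferenceObject  @($baseline | ForEach-Object { & $fmt $_ }) `
                           -DifferenceObject @($current  | ForEach-Object { & $fmt $_ })
    if (-not $diff) { Write-Output 'Class filter drivers unchanged.'; return }
    foreach ($d in $diff) {
        # '=>' only in current state (new or reordered filter list), '<=' only in baseline.
        $state = if ($d.SideIndicator -eq '=>') { 'NEW/CHANGED' } else { 'MISSING/CHANGED' }
        Write-Warning "$state class filter entry: $($d.InputObject)"
    }
}

function Get-SoftwareDevices {
    # ROOT\ = root-enumerated devices (e.g. created by 'devcon install'),
    # SWD\  = devices created through the Software Device API.
    # Both have many legitimate members, so baseline these too; -Since narrows to recent installs.
    param([datetime]$Since)
    $devices = Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.InstanceId -like 'SWD\*' -or $_.InstanceId -like 'ROOT\*' }
    foreach ($dev in $devices) {
        $installed = $null
        try {
            $installed = (Get-PnpDeviceProperty -InstanceId $dev.InstanceId `
                          -KeyName 'DEVPKEY_Device_InstallDate' -ErrorAction Stop).Data
        } catch { }
        if ($Since -and $installed -and $installed -lt $Since) { continue }
        [pscustomobject]@{
            InstanceId   = $dev.InstanceId
            Class        = $dev.Class
            FriendlyName = $dev.FriendlyName
            Status       = $dev.Status
            InstallDate  = $installed
        }
    }
}

# Usage: run once to record the baseline, then on a schedule.
Compare-ClassFilters
Get-SoftwareDevices -Since (Get-Date).AddDays(-7) | Format-Table -AutoSize
```

Device-instance keys under HKLM:\SYSTEM\CurrentControlSet\Enum can carry their own UpperFilters/LowerFilters values, so the same diff is worth extending to those. For real-time coverage rather than periodic diffing, a registry-set rule in Sysmon (or an EDR equivalent) on the UpperFilters/LowerFilters value names, together with the Microsoft-Windows-Kernel-PnP/Configuration operational log for device installs, gives the same signal as it happens.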
