Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability
on 12 Mar 2024 17:44


on 12 Mar 2024 18:08

If they’ve already got admin privileges, you’re already fucked.

on 12 Mar 2024 18:24

Other OSes like Linux try to maintain this security boundary, though: …/kernel_lockdown.7.html

on 12 Mar 2024 19:04

That’s just a criticism of the Windows kernel.

[deleted] on 12 Mar 2024 20:43
.

on 13 Mar 2024 01:10

You might be right. I think that the Linux kernel doesn’t have an ABI though, so I believe the driver has to be built for the current version of the kernel. I think the idea is also that the driver is signed by the distro, not Microsoft, so the risk of random drivers getting signed accidentally is probably much lower.

on 13 Mar 2024 01:56

Depends, they can also be loaded via DKMS, which may not require it.

[deleted] on 13 Mar 2024 11:52
.

on 13 Mar 2024 19:14

It kinda depends, on custom kernels DKMS can be incredibly helpful. Like for a hardened kernel, a lot of drivers may be loaded via DKMS.

on 13 Mar 2024 14:09

Yeah, it actually looks like Ubuntu leaves the module signing key accessible to root on the filesystem:…

So root access basically gives you kernel access, if you just sign a malicious kernel module with the MOK.