
How Vulnerable Drivers Are Found and Fixed

Drivers are a type of program that helps your PC’s operating system communicate with hardware devices. Like all other programs, drivers can sometimes contain faults such as security holes, which give hackers an opportunity to access your PC and your data. In this article, we’ll explain what kernel mode is, why some drivers have security holes, and how they can be fixed.

Written by Eva Buchtíková & Rebecca Vaughan
Published on December 16, 2021

    What are drivers, who creates them, and why do they need updating?

    What are drivers?

    Drivers are a type of software that allows hardware devices (like your camera, printer, or even the sound card in your computer) to communicate with your PC’s operating system. This communication is essential, and it’s what allows your hardware to work properly and as expected.

    Who creates drivers?

    Drivers are created either directly by the manufacturers of the hardware or by software companies who supply these manufacturers. Each driver is usually created for a specific piece of hardware to ensure that it can properly communicate with your PC.

    Why do drivers need updates?

    Over time, manufacturers update their drivers to improve hardware functionality, fix bugs, or ensure more security. It’s similar to the way that other software gets updated regularly, like mobile apps or programs.

    These updates are almost always an improvement. Sometimes the improvements are more visible (like improved graphics or sound) and sometimes they’re more hidden (like with the security updates), but they’re always something the manufacturer believes will make the driver better.

    How do driver vulnerabilities occur?

    Drivers are programs — and programs can sometimes be faulty or contain security holes.

    Holes in drivers are severe because drivers operate in kernel mode (instead of user mode like other applications), so they're able to access or impact your operating system.

    What’s kernel mode?

    Your PC’s Central Processing Unit (CPU) allows Windows to run, and it has two modes of operating — user mode and kernel mode. In user mode, each application runs in an isolated space, so applications can’t access the space reserved for your operating system. If an app crashes in user mode, it won’t have an impact on any other process. In kernel mode, all code runs in one shared space together with the operating system. So when a driver crashes in kernel mode, it also causes the entire operating system to crash.

    If the driver is misused by an attacker who exploits the driver’s vulnerabilities, the whole operating system may be compromised. That is why driver vulnerabilities are more severe by nature than the vulnerabilities in other apps running in user mode.

    The armed vehicle example

    Imagine that each driver on your PC is like a real, professional driver of an armed vehicle that’s transporting money. In this analogy, your PC is the armed vehicle, your antivirus is the bulletproof shield, and the money in the vehicle is your data.

    Transporting money can make you an easy target since there’s precious cargo involved. You could encounter hijackers or criminals that are trying to steal the money, which would be like malware that can compromise or steal your data. Or, your vehicle might crash, which would be like your PC system crashing.

    So let’s imagine some of the different scenarios that might happen while your armed vehicle is transporting money.

    A safe driver is the type of driver that you’ll find most often. These vehicle drivers are well trained and know all the security protocols for transporting money, which makes them much less vulnerable to hijackers, so their risk of an attack is little to none. Moreover, a safe driver would have lots of experience and would always follow all the rules of the road. This means that they’re good drivers that wouldn't crash the vehicle from reckless behavior.

    These safe vehicle drivers are like safe PC drivers which allow your hardware to work properly and wouldn't compromise your data in any way.

    Vulnerable drivers that cause crashes are somewhat frequent. This is a vehicle driver who drives recklessly, making them more likely to have an accident and crash their vehicle because of their unsafe behavior. These vehicle drivers are just like vulnerable drivers on a computer that might cause your PC to crash repeatedly.

    Vulnerable drivers that lead to stolen data are less common, but very problematic.

    These types of vehicle drivers aren't trained well and are unfamiliar with security protocol. If they’re targeted while driving, they can’t protect the money from hijackers, who can then get into the vehicle and steal the money. This is like a hardware driver on the PC that allows attacks and data breaches from outside.

    Vulnerable drivers that are created by criminals are very uncommon, but extremely problematic. This is like when a truck driver is a criminal themselves and creates or participates in a plan to steal money from the armed vehicle that they’re driving. This would be a hardware driver with a single purpose, which is stealing data or corrupting the system.

    Are vulnerable drivers really a problem?

    There are two recent examples that illustrate how risky vulnerable drivers can be. Both involve vulnerabilities found in some widely used hardware, and they are also a reminder of why it’s important to stay vigilant about cybersecurity.

    Hewlett-Packard

    Hewlett-Packard recently corrected a vulnerable driver (CVE-2021-3438) that was discovered by SentinelLabs earlier this year (you can read the article from SentinelLabs here). Their investigations revealed that this vulnerable driver was hidden for 16 years and was installed on millions of computers with printers from Dell, Hewlett Packard, Samsung, and Xerox.

    According to SentinelLabs, if attackers had successfully exploited this driver vulnerability, they might be able “to potentially install programs, view, change, encrypt or delete data, or create new accounts with full user rights”. SentinelLabs claims that this vulnerability hasn't been exploited yet, and that “HP released a security update on May 19th to its customers to address this vulnerability”. However, this doesn’t mean that everyone with that driver has updated it to the safer version, so if attackers do exploit this security hole, there are still many people who could be impacted by those attacks.

    Nvidia

    Nvidia also recently fixed 8 driver vulnerabilities in their GPU display drivers. One of them (CVE-2021-1089) was rated 7.8 (high) on the Common Vulnerability Scoring System (CVSS). CVSS is a framework widely used to characterize and define the severity of software vulnerabilities. You can read more about the CVSS here, through the Forum of Incident Response and Security Teams (FIRST) site.

    In a security bulletin from July 2021, Nvidia acknowledged the vulnerability saying, “This update addresses issues that may lead to information disclosure, data tampering, and denial of service”. Nvidia also directed people to a link where a security update was available to fix this vulnerability.

    How do vulnerabilities get fixed (on your PC)?

    Step 1: Discovering vulnerabilities

    Driver vulnerabilities are usually found by hardware manufacturers and sometimes by other parties like ethical hackers (the good guys who search for security risks). When these other parties find a vulnerability, they inform the manufacturer so it can find a way to fix it.

    Once manufacturers find out about vulnerabilities, they can fix them and solve the problem with either a patch or a full driver update. Usually, manufacturers release fixes quite quickly since their reputation is at stake here and these vulnerabilities put their customers at risk.

    After these vulnerabilities are fixed, manufacturers will usually publish information about the vulnerability with instructions on how customers can fix the problem on their own PCs. Depending on how many people are impacted, some media outlets may also report on these vulnerabilities (like with the HP case). Despite this public information, there are almost always some people who won't hear this news. In reality, often only a small percentage of people will be alerted, since most manufacturers don't have a direct channel to reach the people who use their products.

    Step 2: Fixing the vulnerability on your PC

    Once a fix is released by manufacturers, there are a few ways that people can apply these changes to their own PCs.

    You can fix or update the driver yourself

    If and when you learn about a vulnerable driver, you can usually find safer updates on manufacturer websites. Once it’s available, you can update the driver manually.

    However, most people who don’t check manufacturers’ websites regularly would never know that there’s a problem unless the vulnerability is highlighted by the media.

    If you believe there might be an issue with your driver, you can search the manufacturer’s website or use a search engine to look for the driver name along with the keyword “vulnerability”.
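
    The manual check described above can also be done against a whole list of installed drivers. The following is an added example, not code from this article or from any Avast product: it compares an exported driver inventory against the "fixed in" versions from advisories. The advisory ids, device names and versions are constructed placeholders, and the CSV layout is an assumption based on exporting the `DeviceName` and `DriverVersion` properties of `Win32_PnPSignedDriver`.

```python
import csv
import io

# Constructed advisory list: device names, ids and versions are placeholders.
ADVISORIES = [
    {"id": "EXAMPLE-ADVISORY-1", "device": "example laser printer", "fixed_in": "3.12.0.10"},
    {"id": "EXAMPLE-ADVISORY-2", "device": "example display adapter", "fixed_in": "27.21.14.7000"},
]

# Constructed inventory, in the shape produced by:
#   Get-CimInstance Win32_PnPSignedDriver |
#     Select-Object DeviceName, DriverVersion | Export-Csv drivers.csv -NoTypeInformation
SAMPLE_INVENTORY = """\
"DeviceName","DriverVersion"
"Example Laser Printer 1000","3.12.0.9"
"Example Display Adapter X","27.21.14.7000"
"Example USB Hub","10.0.19041.1"
"Example Laser Printer 2000",""
"""


def parse_version(text):
    """Turn '3.12.0.9' into (3, 12, 0, 9); return None when empty or malformed."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def find_vulnerable(inventory_csv, advisories=ADVISORIES):
    """Return (device, installed, advisory id, status) for every advisory match."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        name = row["DeviceName"]
        for adv in advisories:
            if adv["device"] not in name.lower():
                continue
            installed = parse_version(row["DriverVersion"])
            if installed is None:
                # No usable version: report it instead of silently assuming it is safe.
                findings.append((name, row["DriverVersion"], adv["id"], "unknown"))
            elif installed < parse_version(adv["fixed_in"]):
                # Numeric comparison: as plain text, "3.12.0.9" would sort above "3.12.0.10".
                findings.append((name, row["DriverVersion"], adv["id"], "vulnerable"))
    return findings


if __name__ == "__main__":
    for finding in find_vulnerable(SAMPLE_INVENTORY):
        print(finding)
```

    Versions are compared part by part as numbers, and a driver with a missing version is reported as "unknown" so it gets checked by hand.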

    Windows can update your drivers

    Windows Update can help you update some of the drivers automatically, or you can update them manually through this tool. You can read more about updating with Windows Update in our article How to Update Your Device Drivers for Windows.

    Avast Driver Updater can fix or update drivers for you

    Updating your PC drivers through a high-quality driver updater program is the quickest and easiest way to update all the drivers on your PC in one place. Avast Driver Updater is one example of a program that can do this for you. Driver Updater keeps your drivers updated, but it also keeps you safe from vulnerabilities. Driver Updater collects known vulnerability reports from different sources, flags problematic drivers as vulnerable, and then notifies customers as soon as a safer update is available. By using Avast Driver Updater, you can find out which drivers you should fix immediately to protect your data and your PC.

    What’s the value of Avast Driver Updater?

    With Driver Updater, there’s no need to spend time searching for individual driver updates.

    If you are looking for each outdated driver one-by-one, updating your drivers can be quite a lengthy process. Since there are many different types of drivers installed on an average PC and updates are released irregularly, it's nearly impossible to know when the drivers need updating without searching manually or using a tool.

    Even if you know which drivers to look for, finding these updates can also be difficult. You need to know the driver name and your system setup so you can download the correct update for your PC.

    It’s also common to have some older products that were discontinued, so for those products, the drivers wouldn’t be available on the official manufacturer site anymore, which may lead you to find unofficial and risky updates from untrusted sources.

    Avast Driver Updater scans for updates to all your drivers regularly and notifies you when new updates are available. Driver Updater is based on a huge database of over 9 million driver updates, giving you access to updates for new and old hardware accessories.

    Avast Driver Updater - security and assurance

    Avast takes your security very seriously, and Avast Driver Updater demonstrates this through the combination of security and performance coverage built into the product.

    Here are three specific ways that Driver Updater ensures that all the updates in our database are safe, working properly, and ready for your PC:

    Vulnerabilities

    We maintain a list of known driver vulnerabilities so we can inform our Avast Driver Updater customers about vulnerable drivers and help them update their drivers to a safer version.

    Malware check

    We scan all the drivers in our database with our award-winning antivirus technology, so that we can make Avast Driver Updater one of the safest ways to update your drivers.

    Compatibility

    We do pre-installation checks for all drivers that are approved to work for a specific version of Windows. That way, we make sure the drivers will really fit your system.

    Stay up to date with a long-term free trial

    Try the new version of our Avast Driver Updater with vulnerable driver detection for 90 days free. There’s no card info required. We’ve got your back.
