Security company Crowdstrike writing now that the cybercriminal gang Scattered Spiders’ activity is exploiting an old vulnerability (CVE-2015-2291) in MITRE’s CVE program to inject its own malicious drivers into the Intel Ethernet Diagnostics Driver for Windows (iqvw64.sys).
This could allow the attackers to overload the system and or run arbitrary code with kernel privileges in Windows.
Crowdstrike writes that by prioritizing patching vulnerable drivers, it is possible to prevent this and similar attack opportunities that involve exploiting signed drivers.
Read also: Time for new security updates from Microsoft
