Privilege escalation through hole in Realtek HD driver
Security service Wintercore has reported a security hole in Realtek's HD audio codec drivers which allows local users to escalate their system privileges. Realtek has already updated the drivers to plug the hole.
According to the advisory by Wintercore, the Realtek drivers check buffers incorrectly when processing input and output requests (IOCTLs). While this allows users to generate, read and write arbitrary registry keys, it also, and more critically, allows arbitrary code to be executed at SYSTEM privilege level in the kernel context.
Realtek has already made updated drivers (version 1.91) available for download on its servers. Wintercore detected the vulnerability in the drivers for Windows Vista, but the drivers for older versions of Windows may also contain the hole. Affected users should install the update soon as malicious software can use the old drivers to escalate its privileges unnoticed and without triggering User Account Control (UAC) especially under Windows Vista.
- RealTek HD Audio Codec Driver Local Privilege Escalation, security advisory by Wintercore
- High Definition Audio Codecs, download Realtek's driver update