Direct Memory Access Attacks - A Walk Down Memory Lane (Jan 30, 2020)
Researchers from Eclypsium have released reports disclosing vulnerabilities in Dell and HP laptops that allow threat actors to exploit the Direct Memory Access (DMA) capabilities of an end user’s machine. This would allow threat actors to read and write the machine’s memory directly, bypassing the main Central Processing Unit (CPU) and Operating System (OS). The ability to overwrite memory potentially gives threat actors control of kernel execution and allows privilege escalation to carry out additional malicious activity. As evidence, Eclypsium tested recently released laptops, including the Dell XPS 13 7390 2-in-1 and the HP ProBook 640 G4, and the two had different vulnerabilities.
Recommendation: The security update should be applied as soon as possible because of the high criticality rating of this vulnerability and the potential for an actor to take control of an affected system. Additionally, your company should have policies in place to review and apply security updates for software in use to protect against known vulnerabilities that threat actors may exploit.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.