Quote:Realtek fixed a security vulnerability discovered in the Realtek HD Audio Driver Package that could allow potential attackers to gain persistence, plant malware, and evade detection on unpatched Windows systems.
The Realtek High Definition Audio Driver is installed on Windows computers that come with Realtek audio cards. The bug was reported to the vendor on July 10, 2019, and it received a patch on December 13, 2019.
Realtek fixed the issue in the HD Audio driver package ver.8857 or newer, while driver versions earlier than 8855 that were built using the old version of the Microsoft development tool (VS2005) are still vulnerable to attacks.
If exploited, the vulnerability tracked as CVE-2019-19705 allows attackers to load and execute malicious payloads within the context of a Realtek-Semiconductor signed process on machines running an unpatched version of the HD Audio driver.
The Realtek HD Audio Driver Package bug discovered by SafeBreach Labs security researcher Peleg Hadar requires potential attackers to have Administrator privileges prior to successfully exploiting the issue.
Even though this flaw's threat level is not immediately apparent seeing that it requires elevated user permissions and local access to be abused, such security issues are regularly rated with medium and high severity CVSS 3.x base scores [1, 2].
Attackers abuse DLL search-order hijacking bugs such as this as part of binary planting attacks designed to help them further compromise the device and to gain persistence.
Upon successful exploitation, it can be used "for different purposes such as execution and evasion" and "to load and execute malicious payloads in a persistent way," Hadar says.
Read more: https://www.bleepingcomputer.com/news/se...r-windows/
![[-]](https://www.geeks.fyi/images/collapse.png)
