Windows Vista Forums

Re: New Realtek HD Audio Drivers (ver. 1.91 22 April 2008)

  1. #1


    MowGreen [MVP] Guest

    Re: New Realtek HD Audio Drivers (ver. 1.91 22 April 2008)

    And now, for the bad news:

    > Realtek HD Audio Codec Drivers (Vista) - Local Privilege Escalation
    >
    >
    > :: Non-Technical Description
    >
    > Realtek HD Audio Codec Drivers are prone to a local privilege escalation due to insufficient validation of user-mode buffers. Successful exploitation grants SYSTEM privileges to authenticated users, no special privileges are required to exploit the flaw.
    >
    > A malicious attacker can take advantage of these flaws to elevate privileges in the following forms:
    >
    > 1. Creating, reading or writing arbitrary registry keys.
    > 2. Overwriting arbitrary kernel addresses.
    >
    >
    > :: Files affected
    >
    > RTKVHDA.sys < 6.0.1.5605 (32-bit) Windows Vista
    > RTKVHDA64.sys (signed) < 6.0.1.5605 (64-bit) Windows Vista
    >
    > :: Credits
    >
    > Vulnerability discovered and researched by Ruben Santamarta.
    >
    > :: Disclosure Timeline
    >
    > 04/02/2008 - Realtek contacted
    > 04/23/2008 - Flaw fixed. Public Disclosure.
    >
    > :: Technical details - Original Advisory
    >
    > http://www.wintercore.com/advisories...y_W010408.html
    >
    RTKVHDA.sys and RTKVHDA64.sys V.6.0.1.5605 are in that updated driver
    package. Did they post a Disclaimer for the vulnerability ?

    Caveat emptor !

    MowGreen [MVP 2003-2008]
    ===============
    *-343-* FDNY
    Never Forgotten
    ===============



    Cal Bear '66 wrote:

    > New Realtek HD Audio Drivers (ver. 1.91 22 April 2008):
    >
    >
    > http://www.realtek.com.tw/downloads/...&GetDown=false
    >
    >
    > Add/Fix
    > 1.) Driver :
    > 1. Fix DTM 1.2 KS topology test fail issue.
    > 2. Customizations.
    >
    >
    > NOTE: There is now a disclaimer before you can download the drivers that it is
    > best to obtain new drivers from your computer/motherboard manufacturer since
    > they may have made customizations to their hardware; although, I personally have
    > never had a problem with the drivers downloaded directly from the Realtek site.
    >
    >
    > I Bleed Blue and Gold
    > GO BEARS!
    >
    >
    >

      My System SpecsSystem Spec

  2.   


  3. #2


    TomV Guest

    Re: New Realtek HD Audio Drivers (ver. 1.91 22 April 2008)

    Hi, Mow,

    I'm reading the wintercore site as indicating the versions prior to this
    release are vulnerable. If you look in #6 Products Affected, they're
    using the symbol less than (<) before the release number. I'm assuming
    6.01.5605 is the fixed release.

    Tom

    MowGreen [MVP] wrote:

    > And now, for the bad news:
    >

    >> Realtek HD Audio Codec Drivers (Vista) - Local Privilege Escalation
    >>
    >>
    >> :: Non-Technical Description
    >>
    >> Realtek HD Audio Codec Drivers are prone to a local privilege
    >> escalation due to insufficient validation of user-mode buffers.
    >> Successful exploitation grants SYSTEM privileges to authenticated
    >> users, no special privileges are required to exploit the flaw.
    >>
    >> A malicious attacker can take advantage of these flaws to elevate
    >> privileges in the following forms:
    >>
    >> 1. Creating, reading or writing arbitrary registry keys.
    >> 2. Overwriting arbitrary kernel addresses.
    >>
    >>
    >> :: Files affected
    >>
    >> RTKVHDA.sys < 6.0.1.5605 (32-bit) Windows Vista
    >> RTKVHDA64.sys (signed) < 6.0.1.5605 (64-bit) Windows Vista
    >>
    >> :: Credits
    >>
    >> Vulnerability discovered and researched by Ruben Santamarta.
    >>
    >> :: Disclosure Timeline
    >>
    >> 04/02/2008 - Realtek contacted
    >> 04/23/2008 - Flaw fixed. Public Disclosure.
    >>
    >> :: Technical details - Original Advisory
    >>
    >> http://www.wintercore.com/advisories...y_W010408.html
    >>
    >
    > RTKVHDA.sys and RTKVHDA64.sys V.6.0.1.5605 are in that updated driver
    > package. Did they post a Disclaimer for the vulnerability ?
    >
    > Caveat emptor !
    >
    > MowGreen [MVP 2003-2008]
    > ===============
    > *-343-* FDNY
    > Never Forgotten
    > ===============
    >

      My System SpecsSystem Spec

  4. #3


    MowGreen [MVP] Guest

    Re: New Realtek HD Audio Drivers (ver. 1.91 22 April 2008)

    You are correct, Tom. That bracket does indicate lesser versions of the
    drivers for Vista are vulnerable :

    > 04/02/2008 - Realtek contacted
    >
    > 04/23/2008 - Flaw fixed. Public Disclosure.

    The Public Disclosure was one day after Realtek put out the latest
    drivers. So, if anyone is reading this and has the *older, vulnerable*
    versions installed ... go get them here:
    http://www.realtek.com.tw/downloads/...&GetDown=false

    Cal Bear '66 to the rescue ... away.

    MowGreen [MVP 2003-2008]
    ===============
    *-343-* FDNY
    Never Forgotten
    ===============



    TomV wrote:

    > Hi, Mow,
    >
    > I'm reading the wintercore site as indicating the versions prior to this
    > release are vulnerable. If you look in #6 Products Affected, they're
    > using the symbol less than (<) before the release number. I'm assuming
    > 6.01.5605 is the fixed release.
    >
    > Tom
    >
    <snip>

      My System SpecsSystem Spec

  5. #4


    DarkSentinel Guest

    Re: New Realtek HD Audio Drivers (ver. 1.91 22 April 2008)

    "MowGreen [MVP]" <mowgreen@xxxxxx> wrote in message
    news:#Oaa3cYpIHA.3568@xxxxxx

    > And now, for the bad news:
    >

    >> Realtek HD Audio Codec Drivers (Vista) - Local Privilege Escalation
    >>
    >>
    >> :: Non-Technical Description
    >>
    >> Realtek HD Audio Codec Drivers are prone to a local privilege escalation
    >> due to insufficient validation of user-mode buffers. Successful
    >> exploitation grants SYSTEM privileges to authenticated users, no special
    >> privileges are required to exploit the flaw.
    >>
    >> A malicious attacker can take advantage of these flaws to elevate
    >> privileges in the following forms:
    >>
    >> 1. Creating, reading or writing arbitrary registry keys.
    >> 2. Overwriting arbitrary kernel addresses.
    >>
    >>
    >> :: Files affected
    >>
    >> RTKVHDA.sys < 6.0.1.5605 (32-bit) Windows Vista
    >> RTKVHDA64.sys (signed) < 6.0.1.5605 (64-bit) Windows Vista
    >>
    >> :: Credits
    >>
    >> Vulnerability discovered and researched by Ruben Santamarta.
    >>
    >> :: Disclosure Timeline
    >>
    >> 04/02/2008 - Realtek contacted
    >> 04/23/2008 - Flaw fixed. Public Disclosure.
    >>
    >> :: Technical details - Original Advisory
    >>
    >> http://www.wintercore.com/advisories...y_W010408.html
    >>
    >
    > RTKVHDA.sys and RTKVHDA64.sys V.6.0.1.5605 are in that updated driver
    > package. Did they post a Disclaimer for the vulnerability ?
    >
    > Caveat emptor !
    While not related to this particular issue, there are a couple of other
    issues to be aware of here too. Loading Logitech's SetPoint software will
    sometimes break the driver. A driver reinstall will fix this issue. Also,
    for those that run SAM Broadcaster, the last version of the Realtek drivers
    will sometimes kill the output. SAM must be completely uninstalled, and
    reinstalled from scratch. Would pretty much advise that unless the update
    fixes issues that are currently being experienced to stay with what is
    working.

    --
    Sanity calms, but madness is more interesting.
    http://www.lockergnome.com/darksentinel
    Undo the munge to reply by email

    > Cal Bear '66 wrote:
    >

    >> New Realtek HD Audio Drivers (ver. 1.91 22 April 2008):
    >>
    >>
    >> http://www.realtek.com.tw/downloads/...&GetDown=false
    >>
    >>
    >> Add/Fix
    >> 1.) Driver :
    >> 1. Fix DTM 1.2 KS topology test fail issue.
    >> 2. Customizations.
    >>
    >>
    >> NOTE: There is now a disclaimer before you can download the drivers
    >> that it is best to obtain new drivers from your computer/motherboard
    >> manufacturer since they may have made customizations to their hardware;
    >> although, I personally have never had a problem with the drivers
    >> downloaded directly from the Realtek site.
    >>
    >>
    >> I Bleed Blue and Gold
    >> GO BEARS!
    >>
    >>
    >>

      My System SpecsSystem Spec

  6. #5
    grimreaper's Avatar

    PaSSiOn 4 ViSta

    Join Date : Dec 2007
    Posts : 256
    Windows Vista Ultimate X64 SPII
    Local Time: 01:24 AM
    canada ca ontario

     

    Re: New Realtek HD Audio Drivers (ver. 1.91 22 April 2008)

    Didn't even know Realtek has new audio drivers
    I'm downloading it right now...their site is slow btw.

      My System SpecsSystem Spec

  7. #6
    grimreaper's Avatar

    PaSSiOn 4 ViSta

    Join Date : Dec 2007
    Posts : 256
    Windows Vista Ultimate X64 SPII
    Local Time: 01:24 AM
    canada ca ontario

     

    Re: New Realtek HD Audio Drivers (ver. 1.91 22 April 2008)

    installed no problem ..even sounds better

      My System SpecsSystem Spec


Re: New Realtek HD Audio Drivers (ver. 1.91 22 April 2008)
Similar Threads
Thread Forum
Re: New Realtek HD Audio Drivers (ver. 1.91 22 April 2008) Vista General
Re: New Realtek HD Audio Drivers (ver. 1.91 22 April 2008) Vista hardware & devices
RE: New Realtek HD Audio Drivers (ver. 1.91 22 April 2008) Vista hardware & devices
RE: New Realtek HD Audio Drivers (ver. 1.91 22 April 2008) Vista performance & maintenance
RE: New Realtek HD Audio Drivers (ver. 1.91 22 April 2008) Vista music pictures video