Re: New Realtek HD Audio Drivers (ver. 1.91 22 April 2008)

MowGreen [MVP]

#1
And now, for the bad news:

> Realtek HD Audio Codec Drivers (Vista) - Local Privilege Escalation
>
>
> :: Non-Technical Description
>
> Realtek HD Audio Codec Drivers are prone to a local privilege escalation due to insufficient validation of user-mode buffers. Successful exploitation grants SYSTEM privileges to authenticated users, no special privileges are required to exploit the flaw.
>
> A malicious attacker can take advantage of these flaws to elevate privileges in the following forms:
>
> 1. Creating, reading or writing arbitrary registry keys.
> 2. Overwriting arbitrary kernel addresses.
>
>
> :: Files affected
>
> RTKVHDA.sys < 6.0.1.5605 (32-bit) Windows Vista
> RTKVHDA64.sys (signed) < 6.0.1.5605 (64-bit) Windows Vista
>
> :: Credits
>
> Vulnerability discovered and researched by Ruben Santamarta.
>
> :: Disclosure Timeline
>
> 04/02/2008 - Realtek contacted
> 04/23/2008 - Flaw fixed. Public Disclosure.
>
> :: Technical details - Original Advisory
>
> http://www.wintercore.com/advisories/advisory_W010408.html
>
RTKVHDA.sys and RTKVHDA64.sys V.6.0.1.5605 are in that updated driver
package. Did they post a Disclaimer for the vulnerability ?

Caveat emptor !

MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============



Cal Bear '66 wrote:

> New Realtek HD Audio Drivers (ver. 1.91 22 April 2008):
>
>
> http://www.realtek.com.tw/downloads...=24&Level=4&Conn=3&DownTypeID=3&GetDown=false
>
>
> Add/Fix
> 1.) Driver :
> 1. Fix DTM 1.2 KS topology test fail issue.
> 2. Customizations.
>
>
> NOTE: There is now a disclaimer before you can download the drivers that it is
> best to obtain new drivers from your computer/motherboard manufacturer since
> they may have made customizations to their hardware; although, I personally have
> never had a problem with the drivers downloaded directly from the Realtek site.
>
>
> I Bleed Blue and Gold
> GO BEARS!
>
>
>
 

#2
Hi, Mow,

I'm reading the wintercore site as indicating the versions prior to this
release are vulnerable. If you look in #6 Products Affected, they're
using the symbol less than (<) before the release number. I'm assuming
6.01.5605 is the fixed release.

Tom

MowGreen [MVP] wrote:

> And now, for the bad news:
>
>> Realtek HD Audio Codec Drivers (Vista) - Local Privilege Escalation
>>
>>
>> :: Non-Technical Description
>>
>> Realtek HD Audio Codec Drivers are prone to a local privilege
>> escalation due to insufficient validation of user-mode buffers.
>> Successful exploitation grants SYSTEM privileges to authenticated
>> users, no special privileges are required to exploit the flaw.
>>
>> A malicious attacker can take advantage of these flaws to elevate
>> privileges in the following forms:
>>
>> 1. Creating, reading or writing arbitrary registry keys.
>> 2. Overwriting arbitrary kernel addresses.
>>
>>
>> :: Files affected
>>
>> RTKVHDA.sys < 6.0.1.5605 (32-bit) Windows Vista
>> RTKVHDA64.sys (signed) < 6.0.1.5605 (64-bit) Windows Vista
>>
>> :: Credits
>>
>> Vulnerability discovered and researched by Ruben Santamarta.
>>
>> :: Disclosure Timeline
>>
>> 04/02/2008 - Realtek contacted
>> 04/23/2008 - Flaw fixed. Public Disclosure.
>>
>> :: Technical details - Original Advisory
>>
>> http://www.wintercore.com/advisories/advisory_W010408.html
>>
>
> RTKVHDA.sys and RTKVHDA64.sys V.6.0.1.5605 are in that updated driver
> package. Did they post a Disclaimer for the vulnerability ?
>
> Caveat emptor !
>
> MowGreen [MVP 2003-2008]
> ===============
> *-343-* FDNY
> Never Forgotten
> ===============
>
 

MowGreen [MVP]

#3
You are correct, Tom. That bracket does indicate lesser versions of the
drivers for Vista are vulnerable :

> 04/02/2008 - Realtek contacted
>
> 04/23/2008 - Flaw fixed. Public Disclosure.

The Public Disclosure was one day after Realtek put out the latest
drivers. So, if anyone is reading this and has the *older, vulnerable*
versions installed ... go get them here:
http://www.realtek.com.tw/downloads...=24&Level=4&Conn=3&DownTypeID=3&GetDown=false

Cal Bear '66 to the rescue ... away.

MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============



TomV wrote:

> Hi, Mow,
>
> I'm reading the wintercore site as indicating the versions prior to this
> release are vulnerable. If you look in #6 Products Affected, they're
> using the symbol less than (<) before the release number. I'm assuming
> 6.01.5605 is the fixed release.
>
> Tom
>
<snip>
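
The version check discussed in the posts above, as an added example that is not part of the original thread: it compares the installed Realtek driver files against the fixed build 6.0.1.5605 named in the advisory. The driver directory (`System32\drivers`), the function name `Get-RealtekDriverStatus` and the use of PowerShell 3.0 or later are assumptions.

```powershell
# Added example (not from the thread): flag Realtek HD Audio driver files
# older than the fixed build named in the quoted advisory.
$FixedVersion = [version]'6.0.1.5605'              # "< 6.0.1.5605" is affected
$DriverFiles  = 'RTKVHDA.sys', 'RTKVHDA64.sys'     # file names from the advisory
# Assumption: the drivers sit in the standard kernel driver directory.
$DriverDir    = Join-Path $env:SystemRoot 'System32\drivers'

# Hypothetical helper name; returns one object per driver file.
function Get-RealtekDriverStatus {
    param([string]$Directory = $DriverDir)

    foreach ($name in $DriverFiles) {
        $path = Join-Path $Directory $name
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ File = $name; Version = $null; Status = 'NotInstalled' }
            continue
        }
        # Build the version from the numeric fields: the FileVersion string
        # can carry trailing text that [version] cannot parse.
        $vi = (Get-Item -LiteralPath $path).VersionInfo
        $installed = New-Object System.Version -ArgumentList `
            $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
        $status = if ($installed -lt $FixedVersion) { 'Vulnerable' } else { 'Fixed' }
        [pscustomobject]@{ File = $name; Version = $installed; Status = $status }
    }
}

Get-RealtekDriverStatus | Format-Table -AutoSize
```

A `Vulnerable` row means the file predates the fixed release and the driver package should be updated.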
 

DarkSentinel

#4
"MowGreen [MVP]" <mowgreen@xxxxxx> wrote in message
news:#Oaa3cYpIHA.3568@xxxxxx

> And now, for the bad news:
>
>> Realtek HD Audio Codec Drivers (Vista) - Local Privilege Escalation
>>
>>
>> :: Non-Technical Description
>>
>> Realtek HD Audio Codec Drivers are prone to a local privilege escalation
>> due to insufficient validation of user-mode buffers. Successful
>> exploitation grants SYSTEM privileges to authenticated users, no special
>> privileges are required to exploit the flaw.
>>
>> A malicious attacker can take advantage of these flaws to elevate
>> privileges in the following forms:
>>
>> 1. Creating, reading or writing arbitrary registry keys.
>> 2. Overwriting arbitrary kernel addresses.
>>
>>
>> :: Files affected
>>
>> RTKVHDA.sys < 6.0.1.5605 (32-bit) Windows Vista
>> RTKVHDA64.sys (signed) < 6.0.1.5605 (64-bit) Windows Vista
>>
>> :: Credits
>>
>> Vulnerability discovered and researched by Ruben Santamarta.
>>
>> :: Disclosure Timeline
>>
>> 04/02/2008 - Realtek contacted
>> 04/23/2008 - Flaw fixed. Public Disclosure.
>>
>> :: Technical details - Original Advisory
>>
>> http://www.wintercore.com/advisories/advisory_W010408.html
>>
>
> RTKVHDA.sys and RTKVHDA64.sys V.6.0.1.5605 are in that updated driver
> package. Did they post a Disclaimer for the vulnerability ?
>
> Caveat emptor !

While not related to this particular issue, there are a couple of other
issues to be aware of here too. Loading Logitech's SetPoint software will
sometimes break the driver. A driver reinstall will fix this issue. Also,
for those that run SAM Broadcaster, the last version of the Realtek drivers
will sometimes kill the output. SAM must be completely uninstalled, and
reinstalled from scratch. Would pretty much advise that unless the update
fixes issues that are currently being experienced to stay with what is
working.

--
Sanity calms, but madness is more interesting.
http://www.lockergnome.com/darksentinel
Undo the munge to reply by email

> Cal Bear '66 wrote:
>
>> New Realtek HD Audio Drivers (ver. 1.91 22 April 2008):
>>
>>
>> http://www.realtek.com.tw/downloads...=24&Level=4&Conn=3&DownTypeID=3&GetDown=false
>>
>>
>> Add/Fix
>> 1.) Driver :
>> 1. Fix DTM 1.2 KS topology test fail issue.
>> 2. Customizations.
>>
>>
>> NOTE: There is now a disclaimer before you can download the drivers
>> that it is best to obtain new drivers from your computer/motherboard
>> manufacturer since they may have made customizations to their hardware;
>> although, I personally have never had a problem with the drivers
>> downloaded directly from the Realtek site.
>>
>>
>> I Bleed Blue and Gold
>> GO BEARS!
>>
>>
>>
 

grimreaper

#5
Didn't even know Realtek has new audio drivers:)
I'm downloading it right now...their site is slow btw.
 

grimreaper

#6
installed no problem ..even sounds better:)
 
