Realtek Patched DLL Hijacking Vulnerability In HD Audio Driver

Realtek has recently confirmed a serious vulnerability in its HD Audio Driver Package for Windows. If exploited, it could allow an adversary to evade security mechanisms and gain persistence on the target system.

Realtek HD Audio Driver Vulnerability

SafeBreach Labs have discovered a serious vulnerability in the Realtek HD Audio Driver Package for Windows. As stated in their advisory, they found a DLL hijacking flaw that could result in severe security threats to target Windows systems.

According to the researchers, the vulnerability CVE-2019-19705 could allow an attacker to execute malicious code. The flaw affected the “HD Audio Background Process” (RAVBg64.exe) that executed as NT AUTHORITY\SYSTEM. Upon execution, the process tried to load missing DLL files.

Once executed, the process tries to load RAVBg64ENU.dll and RAVBg64LOC.dll, which are not located in its own directory.

At this point, an attacker with admin privileges could upload an arbitrary DLL and execute malicious code. This became possible due to the lack of signature validation and the use of outdated software.

The researchers have shared the proof-of-concept for this vulnerability in their advisory.
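
The following added example (not code from the article, SafeBreach or Realtek) scans image-load records for RAVBg64.exe loading either of the two DLLs without a valid signature or from a signer outside an allow-list. It assumes records exported as JSON lines using Sysmon Event ID 7 field names; the sample records, paths and signer names are constructed placeholders.

```python
import json
from ntpath import basename  # parses Windows paths on any OS

# Names taken from the article: the SYSTEM process and the DLLs it looks for.
TARGET_PROCESS = "ravbg64.exe"
WATCHED_DLLS = {"ravbg64enu.dll", "ravbg64loc.dll"}

# Constructed sample records (not real telemetry), one JSON object per line,
# using Sysmon Event ID 7 field names. Paths and signers are placeholders.
SAMPLE_EVENTS = r'''
{"Image": "C:\\Example\\Audio\\RAVBg64.exe", "ImageLoaded": "C:\\Example\\Audio\\RAVBg64ENU.dll", "Signed": "false", "Signature": "-", "SignatureStatus": "Unavailable"}
{"Image": "C:\\Example\\Audio\\RAVBg64.exe", "ImageLoaded": "C:\\Example\\Audio\\RAVBg64LOC.dll", "Signed": "true", "Signature": "Unrelated Publisher Ltd", "SignatureStatus": "Valid"}
{"Image": "C:\\Example\\Audio\\RAVBg64.exe", "ImageLoaded": "C:\\Example\\Audio\\RAVBg64ENU.dll", "Signed": "true", "Signature": "Example Audio Vendor Corp.", "SignatureStatus": "Valid"}
{"Image": "C:\\Example\\Audio\\RAVBg64.exe", "ImageLoaded": "C:\\Example\\Audio\\other.dll", "Signed": "false", "Signature": "-", "SignatureStatus": "Unavailable"}
{"Image": "C:\\Example\\Tools\\viewer.exe", "ImageLoaded": "C:\\Example\\Tools\\RAVBg64LOC.dll", "Signed": "false", "Signature": "-", "SignatureStatus": "Unavailable"}
'''

def suspicious_loads(lines, trusted_signers=()):
    """Return (dll_path, reason) for watched DLL loads that fail signature checks.

    trusted_signers is an optional allow-list of signer names taken from a
    known-good installation (assumption: the caller supplies it).
    """
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        # Only the process and DLL names described in the article are in scope.
        if basename(ev.get("Image", "")).lower() != TARGET_PROCESS:
            continue
        loaded = ev.get("ImageLoaded", "")
        if basename(loaded).lower() not in WATCHED_DLLS:
            continue
        signed_ok = (ev.get("Signed", "").lower() == "true"
                     and ev.get("SignatureStatus") == "Valid")
        if not signed_ok:
            findings.append((loaded, "unsigned or invalid signature"))
        elif trusted_signers and ev.get("Signature") not in trusted_signers:
            findings.append((loaded, "unexpected signer"))
    return findings

if __name__ == "__main__":
    allow = {"Example Audio Vendor Corp."}  # constructed placeholder signer
    for path, reason in suspicious_loads(SAMPLE_EVENTS.splitlines(), allow):
        print(f"{reason}: {path}")
```
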

Realtek Rolled Out Patches

The Realtek HD Audio Driver bug could have serious consequences if exploited. For instance, it could allow an adversary to bypass whitelisting and execute malicious code persistently.

As confirmed in Realtek’s advisory, the bug affected the Realtek HD Audio Driver Legacy (non-DCH type) driver version 1.0.0.8855. Hence, all PCs bearing the Realtek sound cards became vulnerable to the flaw.

Consequently, the vendor patched the flaw with the release of Realtek High Definition Audio Driver Legacy (non-DCH) driver 1.0.0.8856.

Users must ensure that their systems are running the latest version of Realtek HD Audio Driver to stay protected from potential exploitation.

Earlier, SafeBreach Labs also reported similar bugs in numerous antivirus programs and other software such as TeamViewer.

Let us know your thoughts in the comments.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]