Home Hacking News Realtek Patched DLL Hijacking Vulnerability In HD Audio Driver
Hacking NewsLatest Cyber Security News | Network Security HackingNewsVulnerabilities

Realtek Patched DLL Hijacking Vulnerability In HD Audio Driver

by Abeerah Hashim
written by Abeerah Hashim
Realtek HD Audio Driver vulnerability

Realtek has recently confirmed a serious vulnerability in its HD Audio Driver Package for Windows. Upon exploit it could allow an adversary to evade security mechanisms and gain persistence on the target system.

Realtek HD Audio Driver Vulnerability

SafeBreach Labs have discovered a serious vulnerability in the Realtek HD Audio Driver Package for Windows. As stated in their advisory, they found a DLL hijacking flaw that could result in severe security threats to target Windows systems.

According to the researchers, the vulnerability CVE-2019-19705 could allow an attacker to execute malicious code. The flaw affected the “HD Audio Background Process” (RAVBg64.exe) that executed as NT AUTHORITY\SYSTEM. Upon execution, the process tried to load missing DLL files.

Once executed, the process tries to load RAVBg64ENU.dll and RAVBg64LOC.dll (which are not located in) its own directory.

At this point, an attacker with admin privileges could upload an arbitrary DLL and execute malicious code. This became possible due to the lack of signature validation and the use of outdated software.

The researchers have shared the proof-of-concept for this vulnerability in their advisory.

Realtek Rolled Out Patches

The Realtek HD Audio Driver bug could have serious consequences in case of exploitation. For instance, it could allow an adversary to bypass whitelisting and execute malicious code in a persistent way.

As confirmed in the Realtek’s advisory, the bug affected the Realtek HD Audio Driver version Legacy (non-DCH type) driver 1.0.0.8855. Hence, all PCs bearing the Realtek sound cards became vulnerable to the flaw.

Consequently, the vendors patched the flaw with the release of Realtek High Definition Audio Driver Legacy (non-DCH) driver 1.0.0.8856.

Users must ensure that their systems are running the latest version of Realtek HD Audio Driver to stay protected from potential exploitation.

Earlier, SafeBreach Labs also reported similar bugs in the numerous antivirus programs and other software such as TeamViewer.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

OWASP Disclosed Data Breach Affecting Old Members

Center Identity Launches Patented Passwordless Authentication for Businesses