The hardware vulnerability is no surprise, as much as Specter and Meltdown have exploded, the heartbeat of most today is by no means accelerated with the announcement of yet another speculative vulnerability. However, Eclypsium deals with an area that has similar threats to hardware vulnerability, with the exception that they can be repaired very well without losing speed.
According to a recent report from Eclypsium, also discussed by DEF CON, there are major vulnerabilities in device drivers that allow attackers to gain more privileges from ring 3 or admin level to ring 0. The latter is practically a kernel level at which manufacturers can install controls programs.
A major security factor would be to allow the most common OS developer to provide a security requirement that virtually prevents the installation of vulnerable drives. In fact, there is a signature package for this, which can be provided by the manufacturer or even Microsoft (WHQL), or with Windows 10, there is additional extended authentication. In theory, everything should go a long way because Microsoft has specific security requirements, but in practice it is devastating.
A study by Eclypsium found at least 20 well-known companies that offered vulnerable drivers their hardware, and most interestingly, they were even certified by Microsoft, which means the user could believe they were safe. At the same time, tested and vulnerable device drivers with different attack modes may gain greater privileges than user mode. This way, malware can scan a specific machine for vulnerabilities and find vulnerabilities, either stealing data or modifying the firmware of the affected hardware. The latter is quite dangerous as a practical reinstallation of the operating system will not eliminate the problem, since the malicious code has already entered the hardware software.
According to Eclypsium, affected companies include ASRock, ASUS, ATI (AMD), Biostar, EVGA, Getac, Gigabyte, Huawei, Insyde, Intel, MSI, NVIDIA, Phoenix Technologies such as Realtek, SuperMicro and Toshiba, and many more, just some companies are exposed to longer patches in a regulated environment, so it would be inappropriate to give attackers who know which system might be vulnerable. But stakeholders have been given data and are working on repairs.