Login Sign Up

CVE-2023-1679

5.3 MEDIUM

📋 TL;DR

This is a critical local privilege escalation vulnerability in DriverGenius software. The vulnerability allows attackers with local access to exploit a memory corruption flaw in the kernel driver to execute arbitrary code with SYSTEM privileges. Only users of DriverGenius version 9.70.0.346 are affected.

💻 Affected Systems

Products:
  • DriverGenius
Versions: 9.70.0.346
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the vulnerable driver mydrivers64.sys to be loaded, which occurs when DriverGenius is running.

📦 What is this software?

Drivergenius by Drivergenius

View all CVEs affecting Drivergenius →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with SYSTEM privileges, allowing installation of persistent malware, credential theft, and lateral movement across the network.

🟠

Likely Case

Local privilege escalation from standard user to SYSTEM privileges, enabling attackers to bypass security controls and install additional payloads.

🟢

If Mitigated

Limited impact if proper endpoint protection and least privilege principles are enforced, though local attackers could still gain elevated privileges.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical or remote desktop access to the system.
🏢 Internal Only: HIGH - Any compromised user account or insider threat could exploit this to gain SYSTEM privileges on affected systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit code is publicly available on GitHub and requires local access to execute. The vulnerability is in a kernel driver, making exploitation more complex than user-space vulnerabilities.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider uninstalling DriverGenius 9.70.0.346 until a fixed version is released.

🔧 Temporary Workarounds

Uninstall DriverGenius

windows

Remove the vulnerable software to eliminate the attack surface

Control Panel > Programs > Uninstall a program > Select DriverGenius > Uninstall

Block vulnerable driver loading

windows

Use Windows Defender Application Control or similar to block mydrivers64.sys

🧯 If You Can't Patch

  • Implement strict least privilege principles to limit damage from privilege escalation
  • Deploy endpoint detection and response (EDR) solutions to detect exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check if DriverGenius version 9.70.0.346 is installed via Programs and Features or by checking the installed software version

Check Version:

wmic product where name="DriverGenius" get version

Verify Fix Applied:

Verify DriverGenius is uninstalled or updated to a version later than 9.70.0.346

📡 Detection & Monitoring

Log Indicators:

  • Driver load events for mydrivers64.sys
  • Process creation with elevated privileges from DriverGenius processes

Network Indicators:

  • No network indicators as this is a local vulnerability

SIEM Query:

EventID=7045 AND ServiceName="mydrivers64.sys" OR ProcessName="DriverGenius.exe" AND NewProcessName="cmd.exe" OR "powershell.exe"

📊 Metadata

CVE ID: CVE-2023-1679
CVSS v3 Score: 5.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-119
Published: March 28, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-1679, you might also want to check these:

CVE-2024-23613 10.0

A critical buffer overflow vulnerability in Symantec Deployment Solution 7.9 allows remote, unauthen...

Same vulnerability type (CWE-119)
CVE-2024-23615 10.0

A critical buffer overflow vulnerability in Symantec Messaging Gateway allows remote unauthenticated...

Same vulnerability type (CWE-119)
CVE-2026-2776 10.0

This CVE describes a sandbox escape vulnerability in Firefox's Telemetry component due to incorrect ...

Same vulnerability type (CWE-119)