US 11,934,534 B2
Vulnerability analysis of a computer driver
Raghav Pande, Bellevue, WA (US); Jordan Josef Geurten, Redmond, WA (US); and Danut Antoche-Albisor, Sammamish, WA (US)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on Nov. 29, 2021, as Appl. No. 17/537,386.
Prior Publication US 2023/0169178 A1, Jun. 1, 2023
Int. Cl. G06F 21/57 (2013.01); G06F 21/54 (2013.01); G06F 21/56 (2013.01); G06F 21/64 (2013.01)
CPC G06F 21/577 (2013.01) [G06F 21/54 (2013.01); G06F 21/562 (2013.01); G06F 21/566 (2013.01); G06F 21/64 (2013.01)]
19 Claims
 
1. A computer-implemented method comprising:
  performing dynamic vulnerability detection of a driver while the driver is executing in a computing system, the dynamic vulnerability detection comprising:
    detecting at least one offset made available by the driver for access to the driver; and
    detecting application programming interface (API) calls made by the driver;
  performing static vulnerability detection of the driver by analyzing binary code of the driver, the static vulnerability detection comprising:
    determining the at least one offset available for access to the driver; and
    identifying vulnerable code paths to functions accessing kernel functionality;
  determining if the driver is vulnerable based on results from the dynamic vulnerability detection and the static vulnerability detection; and
  automatically disabling the driver in the computer system for access by other programs based on the determining that the driver is vulnerable.