LOLDriver Detection (Windows)

Nessus Plugin ID 204959 (Severity: Low)

Synopsis

Detects potentially vulnerable or malicious drivers on the remote Windows host.

Description

The remote Windows host has one or more drivers listed on 'Living Off The Land Drivers', also known as loldrivers. These drivers may have known weaknesses that could allow an attacker to bypass security controls on the host, or may be malware disguised as a legitimate device driver.

Solution

If the driver is a component of an authorized software package, contact the vendor of the product for an update. If the driver is malicious, remove it and investigate your network for further signs of a breach.

See Also

https://www.loldrivers.io/

Plugin Details

Severity: Low

ID: 204959

File Name: lol_drivers_detect_win.nbin

Version: 1.6

Type: local

Agent: windows

Family: Misc.

Published: 8/1/2024

Updated: 9/24/2024

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

Required KB Items: WMI/SystemDrivers/Enumerated