Windows privilege escalation almost always comes down to exploiting high-privilege processes or services, and drivers are very much part of that picture. Typically, a single logic error found in an OEM vendor's driver exposes every product line that ships it to elevation-of-privilege (EoP) abuse. Some of these problems are certainly caused by Windows updates and by the refactoring of the driver development architecture, but most are caused by copied reference code (e.g. GitHub clones). This is because a developer has to make sure the driver meets the standard and does not cause a BSoD through resource-management mistakes, and on top of that several rounds of performance optimization and debugging leave every developer exhausted. Security is therefore the last thing considered, and is usually missed.
Although Windows driver exploit research looks easy once you have the domain knowledge of Windows drivers, the protection mechanisms Windows provides (SMEP, KPTI, Hyper-V and PatchGuard) still make that research a hard time. This session will first walk through the Windows driver architecture so that the audience can more easily understand the driver problems I am going to explain. Using several well-known instances, we will discuss drivers' downgrade attacks, unauthenticated-handle exploits and MSR exploits.
A member of UCCU Hacker and a Windows driver developer who has given several talks at SITCON 2019, MOPCON 2019 and iThome CyberSec 2020.