Not necessarily in Windows 10 Enterprise, there can be some limits to what "System" can access, with a feature designed to protect credentials from exploited drivers:
With Windows 10 and Device Guard, credentials are stored encrypted using Hyper-V, an approach known as "virtualization-assisted security." Credential Guard blocks access "even when an untrusted program has full administrative access to your environment,"
Drivers can't get into the Local Security Authority of Windows 10
I can imagine it would be possible to reverse engineer the service interfaces of DolbyDAX2API.exe ("exported functions"), write a wrapper which embeds the original executable and forwards the service requests to the original implementation. The wrapper could contain malicious code and intercept the service calls.
This could be even done generically. Maybe something like this exists already anyway.
This way nobody would notice that something is wrong - functionality wise. Perfect eavesdropping on Windows services.
It's value-added BS. Dolby tries very hard to be Creative 2.0 by pushing patented crap into standards (HDMI, Blu-ray) to position itself as essential for hi-def audio = collect patent tax.
My Dell laptop has "MAXXAUDIO PRO", which does a bunch of heavy-handed stuff to make audio sound "better." I finally found the program when I was trying to figure out why my audio levels seemed to change. My music would get louder over time, and if I moved the volume one increment up or down, it would drop back to the normal level. Turning off the sound-mangler solved that issue and allowed my music to sound the way it's supposed to.
It really frustrates me when manufacturers include crap like that.
Yes! This is why I was thrilled when Microsoft started making their own laptops. The only thing I had to kill on this Surface Book was this annoying little popup that offered deals on Microsoft Office, and that was simple to disable--it had an uninstall button right on it.
This is really an argument about whether or not proprietary systems are inherently more secure. I run Arch on my main system, and when a vulnerability is disclosed, it's often patched within hours. Windows is littered with bugs, vulnerabilities, and security holes. Older versions have been left to rot, leaving thousands of systems vulnerable.
Of course, it could be argued that the weakest link in the chain is the user, but with a vulnerability like this one, I don't see how that applies.
In this case the "user" is the system manufacturer who developed an exploitable application, in this case, Lenovo.
Lenovo could sell a Linux PC with a similar application that communicated with a daemon running as root whose binary was saved in /bin with 0777 permissions.
There is nothing special about Windows that makes this vulnerability possible.
As per definition of vulnerability, this is something that many Linux systems have run into in the past. When you get outside of mainline distributed programs you see vendor issues like this all the time. 777 is a thing in Linux and people/vendors do dumb crap with it all the time. Privilege escalation to root via bad file permissions is not an uncommon problem in Linux either.
The patch for this problem is easy enough too.
Right click > security > remove full access.
If this application is widely distributed enough Microsoft may very well push a fix for it. What we don't know here is how many computers are affected by this; it could be a very large number, or it could be a few from a limited distribution with a bad setting.
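The Linux case raised in the comments above (a root daemon's binary saved with 0777 permissions) can be audited as follows. This is an added example, not code from any commenter or vendor; the file names, the `stop_at` parameter and the temporary directory tree are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_binary(path, stop_at="/"):
    """Return findings that would let any local user replace `path`."""
    real = os.path.realpath(path)
    stop = os.path.realpath(stop_at)
    findings = []
    if os.stat(real).st_mode & stat.S_IWOTH:
        findings.append("file is world-writable")
    # A writable directory lets a user rename or delete the file and drop in
    # their own, unless the sticky bit restricts that to the owner.
    d = os.path.dirname(real)
    while True:
        mode = os.stat(d).st_mode
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            findings.append("directory is world-writable: " + os.path.relpath(d, stop))
        if d == stop or os.path.dirname(d) == d:
            break
        d = os.path.dirname(d)
    return findings


def demo():
    """Build a constructed tree with the 0777 case from the thread and audit it."""
    root = tempfile.mkdtemp()
    layout = {  # (directory mode, file mode); all paths are constructed samples
        "bin/vendor-daemon": (0o755, 0o777),
        "opt/vendor-daemon": (0o777, 0o755),
        "sbin/ok-daemon": (0o755, 0o755),
    }
    results = {}
    for rel, (dmode, fmode) in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full))
        with open(full, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(full, fmode)                   # chmod ignores the umask
        os.chmod(os.path.dirname(full), dmode)
        results[rel] = audit_binary(full, stop_at=root)
    return results


if __name__ == "__main__":
    for name, found in demo().items():
        print(name, "->", found or "ok")
```

The directory check matters as much as the file mode: a 0755 binary inside a 0777 directory can still be swapped out by any local user.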