Recently a similar thing has happened.

on Minecraft or rust, if an admin suspects you of cheating, you used to give him a TeamViewer session and the admin would check the PC for cheats (or ban you if you refuse).

Some guys made echo.ac, a software that mostly automates this check by scanning the PC and reporting the results on a web page the admin can check. I’m not going to go on the privacy issues this test given under duress causes, I’m sure you get the point.

In order to “analyze the memory of running processes” (apparently literally just a string search for common cheat tools in processes working memory), this tool registers a device driver (running as NT authority\system, of course) that is signed by Microsoft (required for distribution). The problem is that when a driver starts reading process memory like that, real anti-cheat solutions don’t like that. Users of echo.ac got banned from rust (to no fault of their own, really), which uses Easy AntiCheat, but the EAC team was quick to whitelist the driver as obviously it wasn’t a cheat driver.

Unless…

Yeah the driver has no security whatsoever and you can use it to cheat the fuck out of ANY game that uses EAC. People have been installing the anticheat tool just to get the driver, and then they can modify the game’s memory as they wish. Of course EAC would normally ban you for this but the driver is whitelisted :).

Turns out the driver being vulnerable also means on any machine it is installed you can elevate your privileges to NT authority\system and if a virus gets there you’re reinstalling your machine.

The cherry on top is that the echo.ac team and it’s CEO have been really salty about all of this and have blocked the researcher who found this out on Twitter, while it is verified that people were exploiting this for cheating.