CVE-2019-7244: 
FinalWire AIDA64 vulnerability analysis and mitigation

CVE-2019-7244 is a vulnerability discovered in the kerneld.sys driver, which is part of the AIDA64 software package. The vulnerability was identified in early 2019 and allows unauthorized access to Model Specific Registers (MSR) through IOCTL 0x80112084. The affected component exposes the wrmsr instruction to user-mode callers without proper validation (FireEye Disclosure).

The vulnerability exists in the kerneld.sys driver's handling of IOCTL 0x80112084, which allows modification of Model Specific Registers (MSR) on the target system. The driver fails to properly filter access to critical MSRs, including 0xC0000081, 0xC0000082, 0xC0000083, 0x174, 0x175, and 0x176. These registers control various system functionalities, including CPU temperature monitoring, branch tracking, voltage adjustments, and most critically, the kernel mode function handling system calls (FireEye Disclosure).

The vulnerability has a high impact as it enables arbitrary Ring 0 code execution, effectively allowing attackers to run unsigned code with kernel-level privileges. This could potentially lead to complete system compromise (FireEye Disclosure).

The vulnerability was resolved in AIDA64 version 5.99. Users should upgrade to this version or later to protect against this vulnerability (FireEye Disclosure).