iVentoy installing unsafe Windows Kernel drivers?

https://github.com/ventoy/PXE/issues/106

15•_a8di•9mo ago

Comments

_a8di•9mo ago

(I am not the person who found it, but I reproduced and I confirm his finding)

Another source:

https://security.stackexchange.com/questions/281238/iventoy-...

_a8di•9mo ago

Up to now, I confirm I can reproduce the following steps:

- download of official "iventoy-1.0.20-win64-free.zip"

- extraction of "iventoy.dat"

- conversion back to "iventoy.dat.xz" thanks to @ppatpat's Python code

- confirm that "wintool.tar.xz" is recognized by VirusTotal as something that injects fake root certificates

The next steps are scary, given the popularity of Ventoy/iVentoy :

> Analyzing "iventoy.dat.xz\iventoy.dat.\win\vtoypxe64.exe" we see it includes a self signed certificate named "EV" certificate "JemmyLoveJenny EV Root CA0" at offset=0x0002C840 length=0x70E. > vtoypxe64.exe programmatically installs this certificate in the registry as a "trusted root certificate"

Maxious•9mo ago

JemmyLoveJenny still lives!

https://www.bleepingcomputer.com/news/security/hackers-explo...

_a8di•9mo ago

Playing devil's advocate, could it be that they require a temporary access to a customized Windows driver (and thus they fake a trusted root certificate) to make Ventoy work? If that's the case, they should have documented it properly in the source...

Or do you think it's 100% malicious?

ziml77•9mo ago

This year old issue regarding blobs in the repo with a ton of replies has not gotten responses from the author https://github.com/ventoy/Ventoy/issues/2795

Doesn't mean for sure it's malicious but them not even explaining why there's blobs like this is very suspicious.

Maxious•9mo ago

I think regardless of intent, it is a security vulnerability to install these ring 0 loopholes. Microsoft is cracking down on RGB lighting and anticheat software drivers similarly

sn0n•9mo ago

So... If I use ventoy should I worry?

*Starts looking for alternatives just cuz*

out-of-ideas•9mo ago

isnt iventoy different than ventoy?

also check if your system has the reg key listed in the issue

there's always https://www.supergrubdisk.org/super-grub2-disk/

and finally, if you are really concerned and dont want to re-install, you can always take export the registry key of your root certs of a ventoy installed system and compare against a system not loaded with ventoy

edit: can also use systemd to boot iso's (among many other things)

Browser-use for Node.js v0.2.0: TS AI browser automation parity with PY v0.5.11

Michael Pollan Says Humanity Is About to Undergo a Revolutionary Change

Software Engineering Is Back

Storyship: Turn Screen Recordings into Professional Demos

Reputation Scores for GitHub Accounts

A BSOD for All Seasons – Send Bad News via a Kernel Panic

Show HN: I got tired of copy-pasting between Claude windows, so I built Orcha

Omarchy First Impressions

Reinforcement Learning from Human Feedback

Show HN: Versor – The "Unbending" Paradigm for Geometric Deep Learning

Show HN: HypothesisHub – An open API where AI agents collaborate on medical res

Big Tech vs. OpenClaw

Anofox Forecast

Ask HN: How do you figure out where data lives across 100 microservices?

Motus: A Unified Latent Action World Model

Rotten Tomatoes Desperately Claims 'Impossible' Rating for 'Melania' Is Real

The protein denitrosylase SCoR2 regulates lipogenesis and fat storage [pdf]

Los Alamos Primer

NewASM Virtual Machine

Terminal-Bench 2.0 Leaderboard

I vibe coded a BBS bank with a real working ledger

The Path to Mojo 1.0

Show HN: I'm 75, building an OSS Virtual Protest Protocol for digital activism

Show HN: I built Divvy to split restaurant bills from a photo

Hot Reloading in Rust? Subsecond and Dioxus to the Rescue

Skim – vibe review your PRs

Show HN: Open-source AI assistant for interview reasoning

Tech Edge: A Living Playbook for America's Technology Long Game

Golden Cross vs. Death Cross: Crypto Trading Guide

Hoot: Scheme on WebAssembly

Browser-use for Node.js v0.2.0: TS AI browser automation parity with PY v0.5.11

Michael Pollan Says Humanity Is About to Undergo a Revolutionary Change

Software Engineering Is Back

Storyship: Turn Screen Recordings into Professional Demos

Reputation Scores for GitHub Accounts

A BSOD for All Seasons – Send Bad News via a Kernel Panic

Show HN: I got tired of copy-pasting between Claude windows, so I built Orcha

Omarchy First Impressions

Reinforcement Learning from Human Feedback

Show HN: Versor – The "Unbending" Paradigm for Geometric Deep Learning

Show HN: HypothesisHub – An open API where AI agents collaborate on medical res

Big Tech vs. OpenClaw

Anofox Forecast

Ask HN: How do you figure out where data lives across 100 microservices?

Motus: A Unified Latent Action World Model

Rotten Tomatoes Desperately Claims 'Impossible' Rating for 'Melania' Is Real

The protein denitrosylase SCoR2 regulates lipogenesis and fat storage [pdf]

Los Alamos Primer

NewASM Virtual Machine

Terminal-Bench 2.0 Leaderboard

I vibe coded a BBS bank with a real working ledger

The Path to Mojo 1.0

Show HN: I'm 75, building an OSS Virtual Protest Protocol for digital activism

Show HN: I built Divvy to split restaurant bills from a photo

Hot Reloading in Rust? Subsecond and Dioxus to the Rescue

Skim – vibe review your PRs

Show HN: Open-source AI assistant for interview reasoning

Tech Edge: A Living Playbook for America's Technology Long Game

Golden Cross vs. Death Cross: Crypto Trading Guide

Hoot: Scheme on WebAssembly

iVentoy installing unsafe Windows Kernel drivers?

Comments