Zdnet[.]com/article/researchers-find-security-flaws-in-40-kernel-drivers-from-20-vendors/
Basically, it’s a good reason to look for & install recently updated drivers, but it’s not the end of the world, and even if it was, you’re limited in what you can do about it. Microsoft has developed security measures to block or at least mitigate this sort of thing, but they’re primarily for corp. IT, apply more to servers than PCs & laptops, and can cause serious performance hits. On your own, besides updating drivers, you can keep your device as malware free as possible – these driver vulnerabilities are more useful to cybercriminals for persistence & privilege escalation, since they don’t make it easier to hack into your system(s) in the 1st place.
Drivers are the middlemen that allow Windows [or whatever OS] to talk to the hardware it’s running on. Because of that, very many drivers load before Windows can fully start, and that means before most security measures become active. So, one way to make sure your malware goes undetected and stays in effect is to make sure that the OS [Windows] thinks that it’s a driver, or you can infect an existing driver, either way giving you a measure of persistence.
2nd, while Windows doesn’t go nearly as far as Linux, it does restrict what you’re able to do if you don’t have the highest level of permissions. There are some folders, & maybe partitions, you cannot access. There are registry keys you can’t edit. Just deleting, moving, pasting files can require giving explicit permission, even though you’re logged into an admin account. When you’re hacking into a system, using a phishing exploit or whatever, it’s easier to get User access than it is to get full access with all permissions. Full access is of course more valuable, allowing you to do more nefarious things. If a cybercriminal is successful in getting lower level [User rather than admin] access, pivoting to exploit a driver vulnerability is one way to increase their level of permissions, & is called privilege escalation. So if someone(s) has already compromised your copy of Windows & has minimal user access, a vulnerable driver might make it easier for them to get a full level of control.
If things go true-to-form, now that specific vulnerabilities have been published, probably along with example code to prove it’s possible, there’s going to be some sort of wave of cybercriminals using any example code to fashion their own attacks. In a situation like this it wouldn’t be unusual for cybercriminals to pair more than one method, for example using an easy, widely available hack to get low level access, with their malware automatically seeking out unpatched drivers for privilege escalation.
That all said, the software I’m most concerned about personally is utilities from the device or motherboard manufacturer, especially apps that can update the device BIOS. While an infected or fake driver is dangerous, infecting the BIOS takes it to a MUCH HIGHER level. The results &/or benefits to a cybercriminal [or nation state] are much the same, but while you can always wipe the disk & reinstall Windows to rid yourself of malware drivers, you’d have to re-flash the BIOS to clean that up. Most people don’t even know what the BIOS is, or that it exists. Most don’t know about settings in the BIOS that make or break the system. In many [most?] cases a genuine copy of the BIOS isn’t even available to flash. And last, if things go sideways flashing the BIOS [& they sometimes do], it can brick the device, often with no practical way to fix things – repair for example might involve holding an identical BIOS chip with good firmware so that its leads contact the leads on the original BIOS chip. Not only is that 2nd BIOS chip hard to come by, it’s not trivial to disassemble many laptops for example to get access to that BIOS chip.
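
To act on the advice above about updating drivers, this PowerShell inventory is an added example, not part of the original post or the ZDNet article: it lists the non-Microsoft kernel drivers registered on a machine with signer, version and file timestamp, oldest first. The two-year review cutoff and the output column names are assumptions chosen for illustration.

```powershell
# Added example: inventory third-party kernel drivers so old or unsigned ones
# stand out as candidates for a vendor update or removal.
# Assumption: a 2-year cutoff is only a review threshold, not a value from the article.
$cutoff = (Get-Date).AddYears(-2)

$report = Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
    # PathName may carry an NT-style \??\ prefix; strip it to get a Win32 path.
    $path = $_.PathName -replace '^\\\?\?\\', ''
    if (-not $path -or -not (Test-Path -LiteralPath $path)) { return }

    $file = Get-Item -LiteralPath $path
    $sig  = Get-AuthenticodeSignature -LiteralPath $path

    # Skip drivers that ship with Windows; the focus is vendor and utility drivers.
    if ($file.VersionInfo.CompanyName -match 'Microsoft') { return }

    [pscustomobject]@{
        Name      = $_.Name
        State     = $_.State        # Running / Stopped
        StartMode = $_.StartMode    # Boot / System / Auto / Manual / Disabled
        Company   = $file.VersionInfo.CompanyName
        Version   = $file.VersionInfo.FileVersion
        # File timestamp on disk: a rough age indicator, not the build date.
        FileDate  = $file.LastWriteTime
        SigStatus = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
        Review    = ($file.LastWriteTime -lt $cutoff) -or ($sig.Status -ne 'Valid')
        Path      = $path
    }
}

# Oldest first; rows with Review = True are the ones to check against the vendor's site.
$report | Sort-Object FileDate |
    Format-Table Name, State, StartMode, Company, Version, FileDate, SigStatus, Review -AutoSize
```

Run it from an elevated PowerShell prompt so every driver file can be read; a driver left behind by an uninstalled vendor utility will still show up here if its service entry remains.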