It probably can be used to escape virtual machines going from root to ring -2, escaping the hypervisor. It can also modify uefi, making it far more difficult to remove the malware.
That's the idea that probably contributed to this problem: the model says that ring 0 is all powerful. But in a richer model, we might change who has ring 0—we might sell a machine, or get it infected and then want it clean. Root kits that can persist even when a later ring 0 wants them gone? That's surprising. So we learn to enrich our model to say something about time and causality, maybe.
Why did you feel the need to put exploit and bug in quotes? No, ring 0 doesn't own everything, and I suggest reading the paper[1] or the presentation[2] before armchair judging.
6 comments
[ 3.2 ms ] story [ 21.4 ms ] thread1. https://www.blackhat.com/docs/us-15/materials/us-15-Domas-Th...
2. https://github.com/xoreaxeaxeax/sinkhole/raw/master/us-15-Do...