Gandalf_The_Grey
Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Apr 24, 2016
- 7,366
Earlier today, Microsoft released its Patch Tuesday updates for Windows 10 (KB5028166) and Windows 11(KB5028185). The company announced separately about the new Dynamic SafeOS updates meant for hardening the security mitigations put in place against Secure Boot vulnerabilities.
Alongside changes made to its Secure Boot DBX, Microsoft also added several malicious drivers to its Windows Driver.STL revocation list. Microsoft was informed of these vulnerable drivers by security research firms Cisco Talos, Sophos, and Trend Micro.
On a dedicated security advisory ADV230001, Microsoft explains the issue (CVE-2023-32046) which was a result of maliciously signed WHQL drivers.
Microsoft has added all such drivers to the Vulnerable Driver Blocklist with Windows Security updates (Microsoft Defender 1.391.3822.0 and newer).
Microsoft acknowledges many Windows 11, Windows 10 WHQL drivers were actually malware
Microsoft released its latest July Patch Tuesday updates earlier today. The company added a revocation list featuring multiple WHQL-signed Windows drivers that were actually malware.
www.neowin.net