Security News Microsoft hasn't Updated List of Banned Dodgy Windows 10 Drivers in Years

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,469
Microsoft appears to have woken up and realized it may have left certain Windows Server and Windows 10 systems exposed to exploitable drivers for years.

Redmond has been dogged by criticism that its hypervisor-protected code integrity (HVCI) feature was not fulfilling its promise. Much-hyped by Microsoft over the past two years, HVCI, when available and switched on, is supposed to prevent known vulnerable drivers from running on a Windows box, as this code could be exploited by miscreants to gain total control over the system. HVCI requires certain hardware support, and isn't always available or enabled. This month it emerged the list of vulnerable drivers HVCI was supposed to be blocking was wildly out of date on machines running certain pre-Windows 11 operating systems, such as some Windows 10 and Windows Server builds. Bad drivers that should have been banned by HVCI, when enabled, weren't, simply put.

Though there are other ways to block bad drivers, and with a more recent ban list, such as via WDAC, those who assumed HVCI was automatically protecting their Windows 10 PCs may not have realized its driver deny-list has not been updated since 2019. This potentially left the door open to so-called bring-your-own-vulnerable-driver (BYOVD) attacks on those neglected systems. A BYOVD attack typically involves someone gaining a foothold on your computer – such as by tricking you into running malware, or being a rogue insider – and installing a known-vulnerable driver that can be exploited to hijack the box at the kernel level. To do so, the miscreant needs sufficient user privileges or access to install the bad driver.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top