Microsoft has launched this week a special web portal where users and researchers can report malicious drivers to the company’s security team.
The new
Vulnerable and Malicious Driver Reporting Center is basically a web form that allows users to upload a copy of a malicious driver, which gets uploaded and analyzed by a Microsoft automated scanner.
At a technical level, Microsoft says this automated scanner can identify techniques that are commonly abused by malicious drivers, such as:
- Drivers with the ability to map arbitrary kernel, physical, or device memory to user mode.
- Drivers with the ability to read or write arbitrary kernel, physical, or device memory, including Port I/O and central processing unit (CPU) registers from user mode.
- Drivers that provide access to storage that bypass Windows access control.
Positive scans are flagged and sent to a more in-depth investigation to one of Microsoft’s security team members.
The OS maker said the center and its scanner can analyze drivers for both 32-bit and 64-bit architectures and encouraged users to report any driver they believe might contain malware or are benign but contain vulnerable code.
Malicious drivers will be blacklisted, while vulnerable drivers will be reported to their respective vendors.