Microsoft is finally cutting down on this list of dodgy Windows drivers
After two years, HVCI is getting a fresh list
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Microsoftkeeps a list of old and vulnerable drivers, which threat actors can use to sneak viruses,ransomware, and other malware intoendpointsof their choosing.
However, the last update was in 2019 - until now. After two years of sitting idly, the list has finally been updated - but not for all Windows users at once, though.
In anannouncementpublished on the company blog, Microsoft said that the blocklist used by the hypervisor-protected code integrity (HVCI) tool will, from now on, be updated once or twice a year.
More ways to update
“The blocklist is updated with each new major release of Windows, typically 1-2 times per year, including most recently with theWindows 112022 update released in September 2022,” Microsoft said. “The most current blocklist is now also available forWindows 1020H2 andWindows 1121H2 users as an optional update from Windows Update. Microsoft will occasionally publish future updates through regular Windows servicing.”
Users who always want the latest update to the driver blocklist can use Windows Defender Application Control (WDAC) to apply the latest blocklist, the company further stated. For the sake of convenience, the company provided a download of the most up-to-date vulnerable driver blocklist, as well as instructions on how to apply it, foundhere.
Installing gaming drivers might leave your PC vulnerable to cyberattacks>Microsoft’s own mistake may have left users at risk of malware attacks>Check out the best internet security suites right now
Microsoft has been getting a lot of criticism lately for the lack of updates to the vulnerable driver blocklist - mainly because the number of attacks using this method skyrocketed.
The method is called Bring Your Own Vulnerable Driver (BYOVD), and it’s quite a simple thing: a threat actor would trick a victim, usually through social engineering or phishing, into downloading a Windows driver that’s known for being faulty.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Being a signed driver, it doesn’t trigger anyantivirusor endpoint protection services alarms. It just installs like any other non-malicious thing. The driver, being flawed, gives the hackers access to the device, which they can later use for any other attack they see fit - ransomware, botnets, data exfiltration, etc.
Via:The Register
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
7 myths about email security everyone should stop believing
Best Usenet client of 2024
Anker Nebula Mars 3 review: A powerful and truly portable projector
