According to a report, Microsoft neglected to adequately secure Windows PCs against rogue drivers for over three years. Microsoft claims that its Windows updates add newly discovered harmful drivers to a blocklist that devices download, but Ars Technica discovered that these updates never took effect. Users may have been exposed to an attack known as BYOVD, or bring your own vulnerable driver, because of this loophole.
Microsoft mandates that all drivers be digitally signed, demonstrating their safety for use, as drivers have access to the kernel, the heart of a device’s operating system. However, if a digitally signed driver that is currently in use has a security flaw, hackers may use it to access Windows directly.
Microsoft claims that certain Windows devices have hypervisor-protected code integrity (HVCI), a feature designed to guard against malicious drivers, enabled by default. Will Dormann, a senior vulnerability analyst at the cybersecurity firm Analygence, and Ars Technica both discovered that this feature doesn’t offer sufficient defence against rogue drivers.
Last month, Dormann posted his research on Twitter, and it wasn’t until this week that Microsoft responded to his assertions. In response to Dormann’s comments, Microsoft project manager Jeffery Sutherland stated, “We are also addressing the problems with our maintenance procedure that have stopped devices from receiving policy updates.”
Since then, Microsoft has offered instructions on how to manually add the vulnerable drivers that have been absent for years to the blocklist, but it is still unclear when the company will begin adding new drivers to the list automatically through Windows updates.