Drivers and Malware: Has Microsoft Finally Fixed the Problem?


Alexander Schmid

October 26, 2022 at 4:15 p.m.


Windows 11 © Windows / Unsplash


The blacklist of malicious drivers had not been updated since 2019 on versions prior to Windows 11.

Microsoft announces that it has fixed an issue that prevented synchronization of the malicious driver block list on a very large number of systems.

The list had been abandoned since 2019

While devices running Windows 11 were spared, those running Windows 10 or Windows Server were vulnerable, since they had not received any updates to the blacklist established by Microsoft since December 2019.

Of course, new threats have emerged since that date, and users were completely exposed to them. The Redmond firm, however, asserted in its documentation that Windows machines were protected against malware included in certain drivers thanks to this regularly updated blacklist… which was not actually the case.

This list allows Windows to block the execution of drivers harboring malware that are available on third-party sites rather than from Microsoft or certified manufacturers, provided that the HVCI feature or Windows S mode, both of which increase security, is activated. It prevents “Bring Your Own Vulnerable Driver” (BYOVD) type attacks.

An update fixes the problem

Malware embedded in legitimate drivers allows hackers to access your data, take control of your system or spy on you.

“The list of vulnerable drivers is regularly updated, but we received feedback that there was a timing gap between OS versions. We fixed this, and it will be fixed in future Windows updates. The documentation page will be updated as new updates are released,” Microsoft commented to BleepingComputer.

The blocking blacklist will soon be enabled by default on all devices. Microsoft warns, however, that this can affect computer performance and cause peripherals or software to malfunction in some cases. It will be possible to remove it through the Windows Security application, by disabling HVCI or S mode.
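To verify on a given machine whether the conditions described above (HVCI active, blocklist not switched off) are met, a defender can query the system directly. The PowerShell below is an added example, not code from Microsoft or from the original article; it assumes the `Win32_DeviceGuard` CIM class (where the value 2 denotes HVCI) and the `VulnerableDriverBlocklistEnable` registry value behind the Windows Security toggle, and the function name `Get-DriverBlocklistStatus` is hypothetical.

```powershell
# Added example: report whether the prerequisites for driver blocklist enforcement are met.
# Run from an elevated PowerShell session on the machine being checked.
function Get-DriverBlocklistStatus {
    [CmdletBinding()]
    param()

    # Win32_DeviceGuard lists virtualization-based security services.
    # In SecurityServicesConfigured / SecurityServicesRunning, the value 2 means HVCI.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction SilentlyContinue
    $hvciConfigured = [bool]($dg -and ($dg.SecurityServicesConfigured -contains 2))
    $hvciRunning    = [bool]($dg -and ($dg.SecurityServicesRunning    -contains 2))

    # Registry value behind the blocklist toggle in the Windows Security app.
    # If the value is absent the OS default applies, so $null is reported instead of a guess.
    $ciConfig = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $toggle = (Get-ItemProperty -Path $ciConfig -Name 'VulnerableDriverBlocklistEnable' `
                                -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable

    # The OS build matters because the list content ships with Windows updates:
    # an enabled feature on an unpatched system can still carry a stale list.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    $verdict = if ($toggle -eq 0) {
        'Blocklist explicitly disabled'
    } elseif ($hvciRunning) {
        'HVCI running: blocklist enforced, list freshness depends on patch level'
    } elseif ($hvciConfigured) {
        'HVCI configured but not running: check virtualization support and reboot state'
    } else {
        'HVCI not running: blocklist not enforced through HVCI'
    }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        OS              = $os.Caption
        Build           = $os.BuildNumber
        HvciConfigured  = $hvciConfigured
        HvciRunning     = $hvciRunning
        BlocklistToggle = $toggle
        Verdict         = $verdict
    }
}

Get-DriverBlocklistStatus | Format-List
```

The output says whether blocking is active, not how current the list is; for that, compare the reported build against the Windows updates that carry the corrected list.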

Source: BleepingComputer


