Security News > 2022 > April > How Microsoft blocks vulnerable and malicious drivers in Defender, third-party security tools and in Windows 11

While there are some malicious drivers that are deliberately crafted to compromise PCs, the most problems come from a small number of legitimate drivers with accidental flaws in, said David Weston, VP of Enterprise and OS Security at Microsoft.

"Think about some of the driver cases recently where a certificate leaked from a giant vendor. If we revoke that, everyone's devices may stop working. We need more of a precision mechanism to do blocking while we work towards the longer approach of revocation. The Vulnerable Driver Block List allows the user to do that with a very precise list that Microsoft has validated. We look at things like how many devices would stop working? Have we worked with a vendor to have a fix? We think the list is a good balance for folks who want security, but also want the confidence that Microsoft has done the telemetry and analysis."

HVCI and the Microsoft Vulnerable Driver Blocklist are among the hardware security options that are now on by default on many Windows 11 PCs - and this is one of the reasons for the stricter system requirements for Windows 11.

Windows Defender Application Control, which lets you create policies for what applications and drivers can run on a PC, is no longer restricted to just the Enterprise version of Windows.

The Device Health Attestation API in Windows is a way for not just Microsoft security tools but third-party options like AirWatch and Mobile Iron to protect the security agent running on the system from the kind of tampering malicious drivers permit attackers to do.

Like HVCI, the driver blocklists and the other security features that are on by default in Windows 11, smart app control will only be on by default if you buy a new PC with Windows 11 or do a clean install.

News URL

https://www.techrepublic.com/article/how-microsoft-blocks-vulnerable-malicious-drivers-defender-third-party-security-tools-windows-11/