How Microsoft blocks vulnerable and malicious drivers in Defender, third-party security tools and in Windows 11
Security News, April 2022
While there are some malicious drivers that are deliberately crafted to compromise PCs, most problems come from a small number of legitimate drivers with accidental flaws in them, said David Weston, VP of Enterprise and OS Security at Microsoft.
"Think about some of the driver cases recently where a certificate leaked from a giant vendor. If we revoke that, everyone's devices may stop working. We need more of a precision mechanism to do blocking while we work towards the longer approach of revocation. The Vulnerable Driver Block List allows the user to do that with a very precise list that Microsoft has validated. We look at things like how many devices would stop working? Have we worked with a vendor to have a fix? We think the list is a good balance for folks who want security, but also want the confidence that Microsoft has done the telemetry and analysis."
HVCI and the Microsoft Vulnerable Driver Blocklist are among the hardware security options that are now on by default on many Windows 11 PCs - and this is one of the reasons for the stricter system requirements for Windows 11.
Windows Defender Application Control, which lets you create policies for what applications and drivers can run on a PC, is no longer restricted to just the Enterprise version of Windows.
The Device Health Attestation API in Windows lets not just Microsoft security tools but also third-party options like AirWatch and MobileIron protect the security agent running on the system from the kind of tampering that malicious drivers allow attackers to carry out.
Like HVCI, the driver blocklists and the other security features that are on by default in Windows 11, Smart App Control will only be on by default if you buy a new PC with Windows 11 or do a clean install.