Security News > 2022 > April > How Microsoft blocks vulnerable and malicious drivers in Defender, third-party security tools and in Windows 11
While there are some malicious drivers that are deliberately crafted to compromise PCs, the most problems come from a small number of legitimate drivers with accidental flaws in, said David Weston, VP of Enterprise and OS Security at Microsoft.
"Think about some of the driver cases recently where a certificate leaked from a giant vendor. If we revoke that, everyone's devices may stop working. We need more of a precision mechanism to do blocking while we work towards the longer approach of revocation. The Vulnerable Driver Block List allows the user to do that with a very precise list that Microsoft has validated. We look at things like how many devices would stop working? Have we worked with a vendor to have a fix? We think the list is a good balance for folks who want security, but also want the confidence that Microsoft has done the telemetry and analysis."
HVCI and the Microsoft Vulnerable Driver Blocklist are among the hardware security options that are now on by default on many Windows 11 PCs - and this is one of the reasons for the stricter system requirements for Windows 11.
Windows Defender Application Control, which lets you create policies for what applications and drivers can run on a PC, is no longer restricted to just the Enterprise version of Windows.
The Device Health Attestation API in Windows is a way for not just Microsoft security tools but third-party options like AirWatch and Mobile Iron to protect the security agent running on the system from the kind of tampering malicious drivers permit attackers to do.
Like HVCI, the driver blocklists and the other security features that are on by default in Windows 11, smart app control will only be on by default if you buy a new PC with Windows 11 or do a clean install.
News URL
Related news
- Microsoft confirms memory leak in March Windows Server security update (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft fixes Outlook security alerts bug caused by December updates (source)
- Microsoft fixes Windows Sysprep issue behind 0x80073cf2 errors (source)
- Recent Windows updates break Microsoft Connected Cache delivery (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Microsoft squashes SmartScreen security bypass bug exploited in the wild (source)
- Microsoft now testing app ads in Windows 11's Start menu (source)