Microsoft’s Outdated Driver List Exposed Windows PCs to Malware Attacks
October 17, 2022 By Raulf Hernes
According to a report, Microsoft failed to adequately defend Windows PCs against rogue drivers for almost three years.
Microsoft claims that its Windows updates add newly discovered harmful drivers to a blocklist that devices download, but reports claimed that these updates never actually took effect.
Because of this coverage gap, users were exposed to a specific kind of attack known as BYOVD, or bring your own vulnerable driver.
The operating system of your computer communicates with hardware such as a printer, graphics card, and webcam through files called drivers.
Because drivers have access to the kernel, the heart of a device's operating system, Microsoft mandates that all drivers be digitally signed, demonstrating their safety for use.
However, if a digitally signed driver that is currently in use has a security flaw, hackers may use it to access Windows directly.
A few of these attacks have already been carried out in the wild. In August, hackers infected a vulnerable driver for the overclocking tool MSI AfterBurner with BlackByte ransomware.
Cybercriminals also recently used a flaw in the Genshin Impact game's anti-cheat driver to their advantage. Late last month, security company ESET learned about 2021 BYOVD attacks by the North Korean hacking outfit Lazarus on a Dutch aerospace worker and a Belgian political journalist.
According to reports, Microsoft uses hypervisor-protected code integrity (HVCI), which is said to be enabled by default on some Windows devices, to ward off rogue drivers.
Will Dormann, a senior vulnerability analyst at the cybersecurity firm Analygence, discovered that this feature doesn't offer sufficient defense against rogue drivers.