What a blunder! For nearly three years, Microsoft neglected to update a blacklist of outdated and potentially virus-carrying drivers that was supposed to protect Windows. While waiting for an update from Microsoft, take matters into your own hands!
Since the arrival of Windows 10, Microsoft has kept adding protection mechanisms to lock down access to the system and make life difficult for hackers of all stripes. One technique currently in vogue among hackers is BYOD (Bring Your Own Driver). It consists, for a malicious person, in modifying a peripheral driver (that of a printer, for example) by inserting malicious code into it in order to reach sensitive parts of the system such as the kernel. Aware of the potential danger of drivers, since they require administrator rights to be installed, Windows requires that they carry a digital signature. In other words, Microsoft has to approve them with their publishers. This procedure has been in place for many, many years. Without this digital signature, no installation is possible.
However, even if a driver is corrected by its developer, its vulnerable version remains a good way for a hacker to simplify the task, because it still benefits from the digital signature affixed by Microsoft. To counter the BYOD phenomenon, Windows maintains a blacklist of old, non-updated drivers that may have security flaws allowing hackers to take control of them. Microsoft has also implemented a kernel protection system, HVCI (Hypervisor-Protected Code Integrity), which can be activated in the Windows security settings in Windows 10 and Windows 11 and isolates the kernel by preventing attacks from inserting malicious code into high-security processes. In short, we feel safe. This would indeed be the case… if Microsoft followed its idea through to the end.
Windows Security: When Windows Update is not up to date
Alas, Microsoft seems to have neglected an essential link in its chain of protection and monitoring: updating its blacklist of drivers that may carry security flaws. Normally, Windows Update automatically adds new drivers to this list. Except that this has not been happening. This was revealed by Will Dormann, as Ars Technica explained. This senior vulnerability analyst at the US security company Analygence was able to install old vulnerable drivers on a PC equipped with Microsoft's HVCI protection system. That is surprising, since the drivers in question were indeed on the Windows blacklist. The HVCI system is therefore very ineffective. Above all, he realized that the blacklist had not been updated since 2019! Real negligence on the part of Microsoft, which has therefore left a gaping hole in its system for almost three years. Once alerted, Microsoft said it was in the process of solving the problem. A future Windows update should fix it. However, the publisher has not announced a date.
In the meantime, stay vigilant about the drivers you install on your PC. It is better to download a driver directly from the device manufacturer's website, which sometimes requires complex research into the components of your computer and their manufacturers. To make your life easier, you can also go to a specialized site like AllDrivers, which will perform a complete analysis of your PC by searching for and installing the appropriate, up-to-date versions of all your PC's drivers (see our practical guide on the subject, which details all the steps).
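To check where a given PC stands on the points above, the following read-only PowerShell audit reports whether HVCI is actually running, whether the vulnerable driver blocklist toggle is set, and which installed third-party drivers are old enough to deserve a manual review. It is an added example, not taken from the original article or from Microsoft. The three-year cutoff and the variable names are assumptions, and the blocklist registry value only exists on Windows builds that expose that toggle.

```powershell
# Added example: read-only audit, run from an elevated PowerShell session.

# 1. HVCI (memory integrity) state, read from the Device Guard WMI class.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName 'Win32_DeviceGuard' -ErrorAction Stop
# In SecurityServicesConfigured / SecurityServicesRunning, the value 2 means HVCI.
$hvci = [pscustomobject]@{
    VbsStatus      = switch ($dg.VirtualizationBasedSecurityStatus) {
                         0 { 'Not enabled' }
                         1 { 'Enabled, not running' }
                         2 { 'Running' }
                         default { "Unknown ($_)" }
                     }
    HvciConfigured = $dg.SecurityServicesConfigured -contains 2
    HvciRunning    = $dg.SecurityServicesRunning -contains 2
}

# 2. Vulnerable driver blocklist toggle. The value is absent on builds
#    that do not expose the setting, so a missing value is reported as such.
$ciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
$raw   = (Get-ItemProperty -Path $ciKey -Name 'VulnerableDriverBlocklistEnable' `
                           -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable
$blocklist = if ($null -eq $raw) { 'Value not present' }
             elseif ($raw -eq 1) { 'Enabled' }
             else                { 'Disabled' }

# 3. Installed third-party drivers older than the cutoff (assumption: 3 years).
#    Microsoft inbox drivers are skipped because they carry a fixed old date.
$cutoff = (Get-Date).AddYears(-3)
$oldDrivers = Get-CimInstance -ClassName Win32_PnPSignedDriver |
    Where-Object { $_.DriverDate -and $_.DriverDate -lt $cutoff -and
                   $_.DriverProviderName -ne 'Microsoft' } |
    Sort-Object DriverDate |
    Select-Object DeviceName, DriverProviderName, DriverVersion,
                  @{ n = 'DriverDate'; e = { $_.DriverDate.ToString('yyyy-MM-dd') } },
                  Signer, IsSigned

# Report.
$hvci | Format-List
"Vulnerable driver blocklist: $blocklist"
"Third-party drivers dated before $($cutoff.ToString('yyyy-MM-dd')): $(@($oldDrivers).Count)"
$oldDrivers | Format-Table -AutoSize
```

An old driver date does not prove a driver is vulnerable; the list only narrows down which drivers to compare against the manufacturer's current release.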