1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft is finally cutting down on this list of dodgy Windows d

    From TechnologyDaily@1337:1/100 to All on Thu Oct 27 20:45:03 2022
    Microsoft is finally cutting down on this list of dodgy Windows drivers

    Date:
    Thu, 27 Oct 2022 19:34:45 +0000

    Description:
    The HVCI list should be updated once or twice a year, Microsoft promises.

    FULL STORY ======================================================================

    Microsoft keeps a list of old and vulnerable drivers, which threat actors can use to sneak viruses, ransomware , and other malware into endpoints of their choosing.

    However, the last update was in 2019 - until now. After two years of sitting idly, the list has finally been updated - but not for all Windows users at once, though.

    In an announcement published on the company blog, Microsoft said that the blocklist used by the hypervisor-protected code integrity (HVCI) tool will, from now on, be updated once or twice a year. More ways to update

    The blocklist is updated with each new major release of Windows, typically
    1-2 times per year, including most recently with the Windows 11 2022 update released in September 2022, Microsoft said. The most current blocklist is now also available for Windows 10 20H2 and Windows 11 21H2 users as an optional update from Windows Update. Microsoft will occasionally publish future
    updates through regular Windows servicing.

    Users who always want the latest update to the driver blocklist can use Windows Defender Application Control (WDAC) to apply the latest blocklist,
    the company further stated. For the sake of convenience, the company provided a download of the most up-to-date vulnerable driver blocklist, as well as instructions on how to apply it, found here . Read more

    Installing gaming drivers might leave your PC vulnerable to cyberattacks


    Microsoft's own mistake may have left users at risk of malware attacks


    Check out the best internet security suites right now

    Microsoft has been getting a lot of criticism lately for the lack of updates to the vulnerable driver blocklist - mainly because the number of attacks using this method skyrocketed.

    The method is called Bring Your Own Vulnerable Driver (BYOVD), and its quite
    a simple thing: a threat actor would trick a victim, usually through social engineering or phishing, into downloading a Windows driver thats known for being faulty.

    Being a signed driver, it doesnt trigger any antivirus or endpoint protection services alarms. It just installs like any other non-malicious thing. The driver, being flawed, gives the hackers access to the device, which they can later use for any other attack they see fit - ransomware, botnets, data exfiltration, etc. These are the best firewalls out there

    Via: The Register



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-is-finally-cutting-down-on-this-list- of-dodgy-windows-drivers/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)