Microsoft takes action to eliminate potential Windows 11 vulnerability
Date:
Tue, 29 Mar 2022 12:25:33 +0000
Description:
Microsoft is giving Windows 11 users a way to avoid tainted drivers.
FULL STORY ======================================================================
Windows users can now block compromised drivers, using Windows Defender Application Control (WDAC) and a list of known vulnerable drivers.
According to a BleepingComputer report, the new option is part of the Core Isolation set of security features, designed for endpoints with virtualization-based security.
Windows 10, Windows 11, and Windows Server 2016 and newer will all benefit from the new offering. Hypervisor-protected code integrity (HVCI) needs to be enabled, while Windows 10 systems need to be in S mode, it was added.
Looking for known malicious activities
To be accepted, the drivers need to be trusted, and not end up on the vulnerable driver blocklist. This blocklist will be kept up to date by independent hardware vendors and original equipment manufacturers.
Developers can also submit their drivers for analysis via the Microsoft Security Intelligence Driver Submission page.
The new feature will look for known vulnerabilities that result in escalation of privileges, as well as behavior that tries to circumvent the Windows Security Model.
The drivers that end up on the blocklist will be banned based on their SHA256 hash, file names, version numbers, as well as the certificate used to sign the code. And users can toggle the Microsoft Vulnerable Driver Blocklist from Windows Security > Device Security > Core isolation.
However, the move also means some legitimate software might not work.
"Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen," Microsoft said. "It's recommended to first validate this policy in audit mode and review the audit block events."
Microsoft recommends enabling HVCI or S mode to protect your devices against security threats, the advisory concludes. If this isn't possible, Microsoft recommends blocking this list of drivers within your existing Windows Defender Application Control policy.
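As an added illustration (not code from Microsoft or from the article), the sketch below models two of the matching criteria described above, SHA256 hash and file name plus version, and shows the difference between audit mode and enforcement when a driver inventory is checked before the policy is switched on. Every driver name, version, byte string and rule is constructed, the "at or below this version" semantics is an assumption of this simplified model, and certificate-based rules are left out.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Driver:
    file_name: str
    version: tuple      # e.g. (1, 0, 3, 0)
    content: bytes      # file bytes; hashed with SHA-256

@dataclass(frozen=True)
class DenyRule:
    sha256: str = ""            # match on exact file hash
    file_name: str = ""         # match on file name...
    max_version: tuple = ()     # ...at or below this version (assumed semantics)

def parse_version(text):
    return tuple(int(p) for p in text.split("."))

def matches(rule, drv):
    if rule.sha256:
        return hashlib.sha256(drv.content).hexdigest() == rule.sha256.lower()
    if rule.file_name:
        same_name = drv.file_name.lower() == rule.file_name.lower()
        return same_name and (not rule.max_version or drv.version <= rule.max_version)
    return False

def evaluate(drivers, rules, audit=True):
    """Return (allowed, events). In audit mode nothing is blocked; hits are only logged."""
    allowed, events = [], []
    for drv in drivers:
        hit = any(matches(r, drv) for r in rules)
        if hit:
            events.append(("AUDIT" if audit else "BLOCK", drv.file_name))
        if not hit or audit:
            allowed.append(drv.file_name)
    return allowed, events

# Constructed sample data: names, versions and bytes are made up.
OLD = Driver("examplevuln.sys", parse_version("1.0.3.0"), b"constructed-old-build")
FIXED = Driver("examplevuln.sys", parse_version("2.1.0.0"), b"constructed-fixed-build")
RENAMED = Driver("harmless.sys", parse_version("9.9.9.9"), b"constructed-known-bad")
CLEAN = Driver("netadapter.sys", parse_version("10.0.1.0"), b"constructed-clean")
RULES = [
    DenyRule(file_name="ExampleVuln.sys", max_version=parse_version("1.9.9.9")),
    DenyRule(sha256=hashlib.sha256(b"constructed-known-bad").hexdigest()),
]
INVENTORY = [OLD, FIXED, RENAMED, CLEAN]

if __name__ == "__main__":
    for mode in (True, False):
        print("audit" if mode else "enforce", evaluate(INVENTORY, RULES, audit=mode))
```

The audit pass lists the drivers that would stop loading under enforcement, which is the review step Microsoft's quoted advice asks for; the renamed file is still caught by its hash, and the fixed build with the same file name passes the version rule.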
Supply chain attacks are a common occurrence these days. Threat actors often use software updates to distribute potent viruses, such as in the case of SolarWinds. Driver updates could potentially be used for the same purpose.
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/news/microsoft-takes-steps-to-eliminate-potential-windows-11-vulnerability/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)