New Windows security feature blocks vulnerable drivers
Quote: Microsoft now allows Windows users to block drivers with known vulnerabilities with the help of Windows Defender Application Control (WDAC) and a vulnerable driver blocklist.

The new option is part of the Core Isolation set of security features for devices that use virtualization-based security.

It works on devices running Windows 10, Windows 11, and Windows Server 2016 and above with hypervisor-protected code integrity (HVCI) enabled and on Windows 10 systems in S mode.

WDAC, the software-based security layer that blocks the vulnerable drivers, protects Windows systems against potentially malicious software by ensuring that only trusted drivers and apps can run, blocking malware and unwanted software from launching.

The vulnerable driver blocklist used by this new Windows security option is kept up to date with the help of independent hardware vendors (IHVs) and Original Equipment Manufacturers (OEMs). Drivers can also be submitted for security analysis via the Microsoft Security Intelligence Driver Submission page.

It hardens Windows systems against third party-developed drivers with any of the following attributes:

  • Known security vulnerabilities that attackers can exploit to elevate privileges in the Windows kernel
  • Malicious behaviors (malware) or certificates used to sign malware
  • Behaviors that are not malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel

The "Microsoft Vulnerable Driver Blocklist" option can be toggled on from Windows Security > Device security > Core isolation.
