HomeWinBuzzer NewsMicrosoft Defender Gets Vulnerable Driver Blocklist

Microsoft Defender Gets Vulnerable Driver Blocklist

Microsoft Defender Vulnerable Driver Blocklist helps the suite protect Windows users from malicious drivers by creating a blocklist.


, the /10 version of the suite, has recently been given a tool that protects the OS from malicious . Known as Vulnerable Driver Blocklist, the feature can be found in the Application Control section of Defender.

Microsoft explains in a blog post how drivers are often easier targets for threat actors:

“Microsoft has strict requirements for code running in kernel. So, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel.”

The new feature was announced by David Weston, Microsoft Vice President of Enterprise and OS Security. On Twitter, the exec pointed to a blog post that accompanies the launch. In the page, Microsoft explains how the Windows Defender Vulnerable Driver Blocklist can improve security on Windows:

The vulnerable driver blocklist is designed to help harden systems against third party-developed drivers across the Windows ecosystem with any of the following attributes:

  • Known security vulnerabilities that can be exploited by attackers to elevate privileges in the Windows kernel
  • Malicious behaviors (malware) or certificates used to sign malware
  • Behaviors that are not malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel”

Available Now

According to Microsoft, the tool discovers harmful drivers thanks to the company working with its partners. Together they can identify risk drivers and develop the “ecosystem block policy.” OEMs can also inform Microsoft is problem drivers.

Users across Windows 11, , and Windows Server 2016 and higher can access the new feature.

Tip of the day: Do you often experience PC freezes or crashs with Blue Screens of Death (BSOD)? Then you should use Windows Memory Diagnostic to test your computers RAM for any problems that might be caused from damaged memory modules. It is a tool built Microsoft which can be launched at startup to run various memory checks.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News