Windows Defender, the Windows 11/10 version of the Microsoft Defender suite, has recently been given a tool that protects the OS from malicious drivers. Known as Microsoft Vulnerable Driver Blocklist, the feature can be found in the Application Control section of Defender.
Microsoft explains in a blog post how drivers are often easier targets for threat actors:
“Microsoft has strict requirements for code running in kernel. So, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel.”
The new feature was announced by David Weston, Microsoft Vice President of Enterprise and OS Security. On Twitter, the exec pointed to a blog post that accompanies the launch. On that page, Microsoft explains how the Windows Defender Vulnerable Driver Blocklist can improve security on Windows:
“The vulnerable driver blocklist is designed to help harden systems against third party-developed drivers across the Windows ecosystem with any of the following attributes:
- Known security vulnerabilities that can be exploited by attackers to elevate privileges in the Windows kernel
- Malicious behaviors (malware) or certificates used to sign malware
- Behaviors that are not malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel”
New Windows security option: Enable more aggressive blocklist which includes vulnerable drivers pic.twitter.com/n3b2GzAWHA
— David Weston (DWIZZZLE) (@dwizzzleMSFT) March 27, 2022
According to Microsoft, the tool discovers harmful drivers thanks to the company working with its partners. Together they can identify risky drivers and develop the “ecosystem block policy.” OEMs can also inform Microsoft of problem drivers.
Users across Windows 11, Windows 10, and Windows Server 2016 and higher can access the new feature.