It seems Microsoft did not properly maintain Windows drivers for almost three years, allowing them to fall out of date. As a consequence, malicious and/or broken drivers are leaving Windows PCs vulnerable. According to a report by Ars Technica, Microsoft was not updating its malicious driver blocklist.
Because of this lapse in coverage, users have been vulnerable to bring your own vulnerable driver (BYOVD) attacks.
Microsoft – at least in theory – demands that all drivers are digitally signed to prove that they are safe to use and updated. If a driver has a security hole, hackers could exploit it to attack Windows. As such, Microsoft puts vulnerable drivers on a list.
This is important because drivers access core areas of the Windows platform but are not directly controlled by Microsoft. So, whether it is a driver for a printer or GPU, it is important that Microsoft ensures drivers are safe, or at least that users are warned when a driver is vulnerable and should be avoided.
In the report, Ars Technica points out that Microsoft uses hypervisor-protected code integrity (HVCI) to protect Windows PCs from malicious drivers. However, it seems this feature is not offering the level of protection that Microsoft says it does.
This means HVCI has not been protecting Windows devices for three years. Microsoft says it has taken the findings on board and has made changes:
“The vulnerable driver list is regularly updated, however we received feedback there has been a gap in synchronization across OS versions,” a Microsoft spokesperson said in a statement to Ars Technica. “We have corrected this and it will be serviced in upcoming and future Windows Updates. The documentation page will be updated as new updates are released.” Microsoft didn't immediately respond to The Verge's request for comment.