HomeWinBuzzer NewsMicrosoft Left Windows PCs Vulnerable by Not Updating Its Malicous Drivers List...

Microsoft Left Windows PCs Vulnerable by Not Updating Its Malicous Drivers List for Three Years

Microsoft is not properly protecting Windows systems from malicious drivers because of failings on its driver blocklist.


It seems did not properly maintain for almost three years, allowing them to fall out of date. As a consequence, malicious and/or broken drivers are leaving Windows PCs vulnerable. According to a report by Ars Technica, Microsoft was not updating its malicious driver blocklist.

Because of this lapse in coverage, users have been vulnerable to bring your own vulnerable driver (BYOVD) attacks.

Microsoft – at least in theory – demands that all drivers are digitally signed to prove that they are safe to use and updated. If there is any security hole, could exploit it to attack Windows. As such, Microsoft puts vulnerable drivers on a list.

This is important because drivers access core areas of the Windows platform but are not directly controlled by Microsoft. So, whether it is a driver for a printer or GPU, it is important that Microsoft ensures drivers are safe or at least warned when a driver is vulnerable and should be avoided.


In the report, Ars Technica points out Microsoft uses hypervisor-protected code integrity (HVCI) to protect Windows PCs from malicious drivers. However, it seems this protocol is not offering the level of protection that Microsoft says.

This means devices with HVCI have not been protecting Windows for three years. Microsoft says it has taken the findings on board and has made changes:

“The vulnerable driver list is regularly updated, however we received feedback there has been a gap in synchronization across OS versions,” A Microsoft spokesperson said in a statement to Ars Technica. “We have corrected this and it will be serviced in upcoming and future Windows Updates. The documentation page will be updated as new updates are released.” Microsoft didn't immediately respond to The Verge's request for comment.

Tip of the day: Need to reduce picture size of several images, but don't have the time to edit every one? Microsoft's PowerToys image resizer can batch-resize your photos with just two clicks.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News