Microsoft failed to protect Windows PC users from malicious drivers for nearly three years, since 2019, according to a report from Ars Technica. Although Microsoft claims that each Windows Update delivered to the system automatically adds new software drivers to a blocklist, the report says that Windows wasn’t properly downloading and applying those updates, and as a result users were left exposed to these attacks.
The malware technique, known as BYOVD (“bring your own vulnerable driver”), makes it simple for an attacker who already has administrative access to get around Windows kernel security. Rather than creating an exploit from scratch, the attacker installs any one of the many third-party drivers with known vulnerabilities and then abuses those flaws to quickly reach some of Windows’ most heavily guarded areas.
Usually, the Redmond-based tech giant relies on hypervisor-protected code integrity, or HVCI, as a security measure to protect the system from such attacks. Adding to this, senior vulnerability analyst Will Dormann is reported to claim that this security measure didn’t properly protect users.
“If HVCI is not enabled, there is NO automatic blocking of the known vulnerable driver on the Microsoft recommended driver block rules list,” writes Will Dormann in a tweet, claiming that the Redmond-based tech giant has not updated the blocklist since 2019. Furthermore, Microsoft project manager Jeffery Sutherland replied to the tweet saying, “We have updated the online docs and added a download with instructions to apply the binary version directly.”
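Because the report ties automatic blocking of vulnerable drivers to HVCI being enabled, the first thing an administrator will want to know is whether HVCI is actually running on a given machine. The following is an added example (not code from the article or from Microsoft) that reads the documented Win32_DeviceGuard WMI class to report that state; it assumes an elevated PowerShell session on Windows 10 or 11, and the optional registry check at the end assumes a Windows 11 22H2 or later build, where the Microsoft Vulnerable Driver Blocklist toggle is exposed as a registry value.

```powershell
# Added example: check whether HVCI (hypervisor-protected code integrity) is
# running, which the report says is the precondition for the recommended
# driver block rules to be enforced automatically.
# Assumption: run elevated on Windows 10/11.

function Get-HvciStatus {
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
                          -Namespace 'root\Microsoft\Windows\DeviceGuard'

    # SecurityServicesRunning / SecurityServicesConfigured are arrays of
    # service codes; code 2 is HVCI (1 is Credential Guard).
    $running    = $dg.SecurityServicesRunning    -contains 2
    $configured = $dg.SecurityServicesConfigured -contains 2

    # Assumption: this value only exists on Windows 11 22H2 and later, where
    # the vulnerable driver blocklist has an on/off switch; $null elsewhere.
    $blocklist = (Get-ItemProperty `
        -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' `
        -Name 'VulnerableDriverBlocklistEnable' `
        -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable

    [pscustomobject]@{
        HvciRunning               = $running
        HvciConfiguredNotRunning  = ($configured -and -not $running)  # reboot pending
        # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
        VbsStatus                 = $dg.VirtualizationBasedSecurityStatus
        VulnerableDriverBlocklist = $blocklist
    }
}

$status = Get-HvciStatus
$status | Format-List

if (-not $status.HvciRunning) {
    Write-Warning 'HVCI is not running: per the report, the recommended driver block rules are not applied automatically on this host.'
}
```

A value of 1 for VulnerableDriverBlocklist means the Windows 11 22H2 toggle is on; a $null result simply means the build does not expose that switch and the HVCI fields are the ones to act on.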
A Microsoft spokesperson said that the vulnerable driver list is updated regularly; however, the company received feedback that there has been a gap in the sync across OS versions. He added in the statement to Ars Technica, “We have corrected this,” and promised that the fix will be serviced in upcoming Windows Updates.