According to a study, Microsoft has failed to protect Windows PC users from malicious drivers since 2018. Drivers are used to communicate with external devices such as hard disks, cameras, printers, and smartphones, and each driver must be digitally signed to ensure that it is safe to use. The problem is that when an already signed driver has a security flaw, hackers can easily exploit it. This has reportedly exposed people to a type of cyberattack called Bring Your Own Vulnerable Driver (BYOVD).
Microsoft's hypervisor-protected code integrity (HVCI) is meant to be a security measure against such attacks. Dormann, a senior vulnerability analyst, told ArsTechnica that this security tool did not protect users from being infected with compromised drivers.
Last month, Dormann posted a Twitter thread showing how he was able to load a malicious driver on a Microsoft HVCI-enabled device. He claims that the blocklist had not been updated since 2019, implying that users were not protected from these drivers for years.
What's concerning is that irrespective of how many Windows Updates happen, the code integrity policy on a Win10 machine is at least 2 years old. Considering that HVCI-enabled systems will receive the benefit of automatic driver blocking, the list never updates, therefore will be quite old! pic.twitter.com/pd8bhHNOLo
Jeffery Sutherland, a Microsoft project manager, replied to Dormann's comments and described additional safeguards the company had recently taken to mitigate the issue:
Thanks for all of your feedback. We've updated the online documentation and added a download with instructions to use the binary version directly. We're also fixing issues with our maintenance process, which has left devices out of receiving updates to the policy.
Microsoft has told ArsTechnica that it now adds malicious drivers to a blocklist that receives regular updates: "However, we have discovered that there has been a gap in the synchronization across OS versions. This has been corrected, and it will be serviced in future Windows Updates. The documentation page will be updated as new updates are announced."
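The kind of check Dormann describes can be reproduced on your own machines: confirm that HVCI is actually running and report how old the locally applied driver block policy is. This is an added example, not code from the article or from Microsoft; it assumes the Win32_DeviceGuard CIM class (Windows 10/11) and that the applied policy lives at the path in $PolicyPath, which you should adjust for your build.

```powershell
# Added example: report HVCI state and the age of the local driver block policy.
# Assumptions: Win32_DeviceGuard is available, and the blocklist policy file is
# at the path below (assumed location; adjust $PolicyPath if it differs).
param(
    [string]$PolicyPath = "$env:SystemRoot\System32\CodeIntegrity\driversipolicy.p7b",
    [int]$MaxAgeDays = 90   # how stale a policy we are willing to tolerate
)

function Get-HvciState {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard'
    # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (memory integrity)
    [pscustomobject]@{
        VbsStatus   = $dg.VirtualizationBasedSecurityStatus   # 2 = running
        HvciRunning = ($dg.SecurityServicesRunning -contains 2)
    }
}

function Get-DriverBlockPolicyAge {
    param([string]$Path, [int]$MaxAgeDays)
    if (-not (Test-Path $Path)) {
        # No policy file at all: treat as stale so it surfaces in reporting.
        return [pscustomobject]@{ Present = $false; AgeDays = $null; Stale = $true }
    }
    $age = (Get-Date) - (Get-Item $Path).LastWriteTime
    [pscustomobject]@{
        Present = $true
        AgeDays = [int]$age.TotalDays
        Stale   = ($age.TotalDays -gt $MaxAgeDays)
    }
}

$hvci   = Get-HvciState
$policy = Get-DriverBlockPolicyAge -Path $PolicyPath -MaxAgeDays $MaxAgeDays
$hvci, $policy | Format-List

# HVCI on but policy old or missing is exactly the gap the article describes.
if ($hvci.HvciRunning -and $policy.Stale) {
    Write-Warning "HVCI is running but the driver block policy is $($policy.AgeDays) days old (or missing); compare it against Microsoft's current recommended driver block rules."
}
```

Run it in an elevated PowerShell session; the file timestamp is only a proxy for policy age, so compare the result against the published block rules rather than trusting the date alone.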
In recent times, many BYOVD attacks have made headlines. Recently, cybercriminals exploited a vulnerability in the anti-cheat driver for Genshin Impact, and last year the North Korean hacking group Lazarus attacked an aerospace employee in the Netherlands.