Microsoft retains a listing of outdated and susceptible drivers, which risk actors can use to sneak viruses, ransomware, and different malware into endpoints of their selecting. 

Nevertheless, the final replace was in 2019 – till now. After two years of sitting idly, the record has lastly been up to date – however not for all Home windows customers directly, although.

In an announcement (opens in new tab) revealed on the corporate weblog, Microsoft stated that the blocklist utilized by the hypervisor-protected code integrity (HVCI) software will, any more, be up to date a couple of times a 12 months. 

Extra methods to replace

“The blocklist is up to date with every new main launch of Home windows, sometimes 1-2 occasions per 12 months, together with most just lately with the Home windows 11 2022 replace launched in September 2022,” Microsoft stated. “Probably the most present blocklist is now additionally accessible for Home windows 10 20H2 and Home windows 11 21H2 customers as an non-obligatory replace from Home windows Replace. Microsoft will sometimes publish future updates by way of common Home windows servicing.”

Customers who at all times need the most recent replace to the driving force blocklist can use Home windows Defender Software Management (WDAC) to use the most recent blocklist, the corporate additional acknowledged. For the sake of comfort, the corporate offered a obtain of probably the most up-to-date susceptible driver blocklist, in addition to directions on apply it, discovered right here (opens in new tab).

Microsoft has been getting a number of criticism these days for the shortage of updates to the susceptible driver blocklist – primarily as a result of the variety of assaults utilizing this methodology skyrocketed. 

The tactic known as Carry Your Personal Weak Driver (BYOVD), and it’s fairly a easy factor: a risk actor would trick a sufferer, often by way of social engineering or phishing, into downloading a Home windows driver that’s identified for being defective. 

Being a signed driver, it doesn’t set off any antivirus or endpoint safety companies alarms. It simply installs like another non-malicious factor. The motive force, being flawed, offers the hackers entry to the machine, which they will later use for another assault they see match – ransomware, botnets, knowledge exfiltration, and many others. 

• These are the very best firewalls (opens in new tab) on the market

By way of: The Register (opens in new tab)