Microsoft Finds New Way To Block Bad Drivers From Making It To Windows Update

[Lorean Hoefert]

Blocking drivers can cause devices or software to malfunction, and in rare cases, lead to blue screen. The vulnerable driver blocklist is not guaranteed to block every driver found to have vulnerabilities. Microsoft attempts to balance the security risks from vulnerable drivers with the potential impact on compatibility and reliability to produce the blocklist. As always, Microsoft recommends using an explicit allow list approach to security wherever possible.

Microsoft Finds New Way to Block Bad Drivers from Making It to Windows Update

Download https://vbooc.com/2yVaiw

Microsoft also recommends enabling Attack Surface Reduction (ASR) rule Block abuse of exploited vulnerable signed drivers to prevent an application from writing a vulnerable signed driver to disk. The ASR rule doesn't block a driver already existing on the system from loading, however enabling Microsoft vulnerable driver blocklist or applying this WDAC policy will prevent the existing driver from loading.

Yes. For example, instances running under the Nitro Hypervisor boot from EBS volumes using an NVMe interface. Instances running under Xen boot from an emulated IDE hard drive, and switch to the Xen paravirtualized block device drivers.

aa06259810