Microsoft maintains a block list of known-vulnerable drivers: legitimately signed drivers with flaws that threat actors abuse to sneak viruses, ransomware and other malware onto endpoints of their choice.
However, the list had not been updated since 2019, until now. After years of inactivity it has finally been refreshed, but not for all Windows users at once.
In an announcement published on the company blog, Microsoft said the block list enforced by hypervisor-protected code integrity (HVCI) will from now on be updated once or twice a year.
More ways to update
“The block list is updated with every new major release of Windows, usually 1-2 times a year, including most recently with the Windows 11 2022 update released in September 2022,” Microsoft said. “The most current block list is now also available to Windows 10 20H2 and Windows 11 21H2 users as an optional update from Windows Update. Microsoft will occasionally release future updates through regular Windows services.”
Users who always want the latest driver block list can apply it themselves with Windows Defender Application Control (WDAC), the company said. For convenience, Microsoft provides a download of the most current vulnerable driver block list together with instructions on how to apply it.
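As an added example (not code from the article or from Microsoft's own instructions), the following PowerShell script stages the downloaded block list as the system's WDAC policy and checks whether HVCI is actually running, since the list is only enforced when memory integrity is on. The download URL, the zip layout and the member file names (an audit-mode and an enforced-mode .p7b) are assumptions about the package at the time of writing; verify them against the current download before relying on the script.

```powershell
# Added example, not from the article: fetch the current vulnerable-driver block list,
# stage it as the single-policy WDAC policy and confirm HVCI is enforcing. Run as Administrator.
#Requires -RunAsAdministrator

$BlockListUrl = 'https://aka.ms/VulnerableDriverBlockList'   # assumption: Microsoft's download link
$Zip          = Join-Path $env:TEMP 'VulnerableDriverBlockList.zip'
$Work         = Join-Path $env:TEMP 'VulnerableDriverBlockList'
$PolicyDir    = Join-Path $env:SystemRoot 'System32\CodeIntegrity'
$Target       = Join-Path $PolicyDir 'SiPolicy.p7b'

# 1. Is HVCI (memory integrity) running? SecurityServicesRunning contains 2 when it is.
$dg   = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$hvci = $dg.SecurityServicesRunning -contains 2
if (-not $hvci) {
    Write-Warning 'HVCI is not running; the block list is only enforced once memory integrity is enabled.'
}

# 2. Download and unpack the current block list.
Invoke-WebRequest -Uri $BlockListUrl -OutFile $Zip -UseBasicParsing
Expand-Archive -Path $Zip -DestinationPath $Work -Force

# Assumed member name: the package ships an audit-mode and an enforced-mode policy.
$enforced = Get-ChildItem -Path $Work -Recurse -Filter 'SiPolicy_Enforced.p7b' | Select-Object -First 1
if (-not $enforced) { throw "Enforced policy not found under $Work; check the package contents." }

# 3. Caveat: the legacy single-policy location holds ONE policy. If a custom WDAC policy
#    already lives there, merge the block rules into it rather than overwriting it.
if (Test-Path $Target) {
    Copy-Item -Path $Target -Destination "$Target.bak" -Force
    Write-Warning "Existing $Target backed up to $Target.bak and will be replaced by the block list."
}
Copy-Item -Path $enforced.FullName -Destination $Target -Force

# 4. The policy takes effect after a reboot.
Write-Host "Block list staged at $Target (HVCI running: $hvci). Reboot to enforce."
```

Run it in an elevated PowerShell session. If you want to see what the list would block before enforcing it, stage `SiPolicy_Audit.p7b` instead and review the Code Integrity audit events after a reboot; on builds that ship `citool.exe` the policy can also be refreshed without a reboot.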
Microsoft has been criticized lately for its lack of updates to its vulnerable driver block list — especially as the number of attacks using this method skyrocketed.
The method is called Bring Your Own Vulnerable Driver (BYOVD), and it is quite simple: an attacker who has already gained a foothold on a machine, usually through social engineering or phishing, brings along a legitimate Windows driver that is known to be vulnerable and loads it.
Because the driver carries a valid signature, it passes the kernel's signature enforcement and does not trip antivirus or endpoint security products; it installs like any other benign software. The attacker then exploits the driver's flaw to run code in the kernel, which gives them privileged access to the device (often used first to disable security tooling) that they can later use for any other attack they see fit: ransomware, botnets, data exfiltration and so on.
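The practical consequence for defenders is that a valid signature is not a clean bill of health. As an added example (not code from the article), this PowerShell script inventories the kernel drivers currently running, hashes and signature-checks each one, compares the hashes against a block list, and surfaces the Code Integrity events that record what HVCI blocked (event 3077) or would have blocked in audit mode (event 3076). The hash list in the script is a constructed placeholder, not a real vulnerable-driver hash; replace it with hashes from the block list or your threat intelligence.

```powershell
# Added example, not from the article: hunt for BYOVD-style drivers on a host.
# The block list below is a constructed placeholder, not a real vulnerable-driver hash.
#Requires -RunAsAdministrator

$KnownBadSha256 = @(
    '0000000000000000000000000000000000000000000000000000000000000000'   # placeholder
)

# 1. Enumerate kernel-mode drivers that are currently running.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName }

$report = foreach ($d in $drivers) {
    # PathName may be quoted or carry the \??\ or \SystemRoot\ prefixes; normalise to a file path.
    $path = $d.PathName -replace '^"|"$', '' -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if (-not (Test-Path -Path $path)) { continue }

    $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -FilePath $path
    [pscustomobject]@{
        Name      = $d.Name
        Path      = $path
        Sha256    = $hash
        Signer    = $sig.SignerCertificate.Subject
        SigStatus = $sig.Status      # a BYOVD driver shows 'Valid' here: the signature is genuine
        KnownBad  = $KnownBadSha256 -contains $hash
    }
}

# 2. Flag block-list matches first, then anything not signed by Microsoft for manual review.
$report |
    Where-Object { $_.KnownBad -or $_.Signer -notlike '*Microsoft*' } |
    Sort-Object -Property KnownBad -Descending |
    Format-Table -Property Name, Path, SigStatus, KnownBad, Signer -AutoSize

# 3. What Code Integrity already blocked (3077) or would have blocked in audit mode (3076).
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3076, 3077 } `
    -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object -Property TimeCreated, Id, @{ n = 'Summary'; e = { $_.Message.Split("`n")[0] } } |
    Format-Table -AutoSize
```

The signature check is deliberately reported rather than used as a filter: the whole point of BYOVD is that the driver's signature is valid, so detection has to rest on the hash or file attributes (as the block list does) and on the Code Integrity events, not on signature status.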
Via: The Register