Microsoft Defender blocks OEM drivers | Pentest7


Microsoft is adding a new security option to Windows Defender that aims to help protect against malicious OEM drivers on Windows 10 and 11 devices.

Microsoft is adding a new feature to Windows Defender on Windows 10, Windows 11 and Windows Server 2016 or newer that blocks vulnerable drivers. This feature aims to help IT professionals protect users from malicious drivers.

Microsoft Vice President of OS Security and Enterprise David Weston tweeted on March 27th about the new Windows security option. The feature is enabled by default in Windows 10 in S mode and on devices that have the Memory Integrity Core Isolation feature, which relies on virtualization-based security. (This Core Isolation Memory Integrity feature is also known as Hypervisor-Protected Code Integrity, or HVCI). For more details, see this Microsoft article on recommended driver blocking rules.

This blocking feature relies on a list of blocked drivers maintained by Microsoft in collaboration with OEM partners. As explained on ghacks.net, a driver can be placed on the list because it has known vulnerabilities that can be exploited to elevate privileges in the Windows kernel. A driver can also be blocked because it acts as malware or is signed with a certificate used to sign malware, or because it exhibits behaviors that bypass the Windows security model and can be used to elevate privileges in the Windows kernel.
