Integrating the Microsoft Defender solution against malware, Windows Security has recently benefited on Windows 10, Windows 11 and Windows Server 2016 from a new protection whose purpose is to block the execution on the device of drivers (drivers) with vulnerabilities. of security.
In addition to devices with Windows 10 in S mode, such protection concerns devices for which security features that exploit virtualization are activated (kernel isolation). In particular, memory integrity.
Microsoft otherwise refers to HVCI – Hypervisor-protected code integrity – with its Hyper-V technology to protect Windows kernel-mode processes from malicious code injections.
A block list with partners
The blocking of third-party drivers affects those for which known vulnerabilities can be exploited by attackers for elevation of privilege in the Windows kernel. There is also talk of certificates used to sign malware or bypassing the security model for driver developers.
The blocking policy for harmful drivers takes into account work with partners and suppliers of Microsoft, which has also set up a Vulnerable and Malicious Driver Reporting Center web portal. It allows to report and share potentially vulnerable or malicious drivers.
.
The post Windows security with protection against vulnerable drivers appeared first on Gamingsym.