New Microsoft Windows security feature blocks unsafe drivers

Microsoft presently permits Windows clients to obstruct drivers with known weaknesses with the assistance of Windows Defender Application Control (WDAC) and a weak driver blocklist.

The new choice is important for the Core Isolation set of safety highlights for gadgets that utilize virtualization-based security.

It chips away at gadgets running Windows 10, Windows 11, and Windows Server 2016 or more with hypervisor-safeguarded code respectability (HVCI) empowered and on Windows 10 frameworks in S mode.

WDAC, the product-based security layer that obstructs the weak drivers, safeguards Windows frameworks against possibly malignant programming by guaranteeing that main confided in drivers and applications can run, impeding malware and undesirable programming from sending off.

The weak driver blocklist utilized by this new Windows security choice is stayed up with the latest with the assistance of free equipment sellers (IHVs) and Original Equipment Manufacturers (OEMs). Drivers can likewise be submitted for security investigation through the Microsoft Security Intelligence Driver Submission page.

It solidifies Windows frameworks against outsider created drivers with any of the accompanying ascribes:

Known security weaknesses that aggressors can take advantage of to raise honors in the Windows bit.

Malevolent ways of behaving (malware) or testaments used to sign malware
Ways of behaving that are not noxious however dodge the Windows Security Model and can be taken advantage of by assailants to hoist honors in the Windows bit
The “Microsoft Vulnerable Driver Blocklist” choice can be flipped on from Windows Security > Device security > Core separation.

Once empowered, it obstructs specific drivers in light of their SHA256 hash, because of document credits, for example, the filename and rendition number, or on the code marking declaration used to sign the driver.

This element will likewise cause real projects not to work, like Cheat Engine and Process Hacker, as their drivers are hindered.

“Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen,” Microsoft likewise cautions.

“It’s recommended to first validate this policy in audit mode and review the audit block events.”

A Microsoft representative was not accessible for input when reached by BleepingComputer recently.

Microsoft likewise plans to send off another arrangement administration for drivers and firmware (as a public review beginning with the main portion of 2022) to give Windows administrators unlimited oversight over driver refreshes by permitting them to choose the right drivers for gadgets in their endeavor organizations.