Integrating the Microsoft Defender solution against malware, Windows Security has recently benefited on Windows 10, Windows 11 and Windows Server 2016 from a new protection whose purpose is to block the execution on the device of drivers (drivers) with vulnerabilities. of security.
In addition to devices with Windows 10 in S mode, such protection concerns devices for which security features that exploit virtualization are activated (kernel isolation). In particular, memory integrity.
Microsoft otherwise refers to HVCI – Hypervisor-protected code integrity – with its Hyper-V technology to protect Windows kernel-mode processes from malicious code injections.
A block list with partners
The blocking of third-party drivers affects those for which known vulnerabilities can be exploited by attackers for elevation of privilege in the Windows kernel. There is also talk of certificates used to sign malware or bypassing the security model for driver developers.
The blocking policy for harmful drivers takes into account work with partners and suppliers of Microsoft, which has also set up a Vulnerable and Malicious Driver Reporting Center web portal. It allows to report and share potentially vulnerable or malicious drivers.
Source: GNT – actualités by www.generation-nt.com.
*The article has been translated based on the content of GNT – actualités by www.generation-nt.com. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!
*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.
*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!