Windows Defender blocks malicious drivers with a new block list

Microsoft is improving basic Windows protection with new, integrated features in Defender. These include a block list for potentially vulnerable drivers or their updates, and Microsoft is now showing how it works. Microsoft manager David Weston (Vice President Corporate and Operating System Security) drew attention to the new Windows Defender addition on Twitter. As a security tool, Defender protects against a variety of threats, with malware detection, protection against phishing and spoofing, and extras such as a firewall and hardware-assisted security features.

Windows Defender now has a new feature called “Microsoft Vulnerable Driver Blocklist”. The feature is part of Windows Defender Application Control and protects devices from malicious drivers. It is available in Windows 11, Windows 10, and Server 2016 and later. Microsoft describes how this driver block list is meant to help protect Windows devices in a support document for the feature. It states: The Vulnerable Driver Blocklist is intended to help protect systems against third-party-developed drivers in the Windows ecosystem that exhibit any of the following:

  • Known vulnerabilities that could be exploited by attackers to elevate privileges in the Windows kernel
  • Malicious behavior (malware) or certificates used to sign malware
  • Behavior that is not malicious, but circumvents the Windows security model and can be exploited by attackers to increase privileges in the Windows kernel

Block List Collaboration

All potentially harmful drivers are identified and included in a block list. The list is then applied to devices with Hypervisor Protected Code Integrity (HVCI) enabled or devices in S mode. On the “Microsoft Security Intelligence Driver Submission” website, drivers can be sent to Microsoft for security analysis. Microsoft partners can also use a contact option there to report a problem or request a change to the block list for vulnerable drivers, for example if a driver has received an update that allows the block to be lifted.
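
Because the block list is applied to devices with HVCI enabled, an administrator may want to confirm that HVCI is actually running on a machine. The following PowerShell sketch is an added example, not code from Microsoft or from the original article; the function name `Get-HvciState` and the sample object are made up for illustration, the value meanings are taken from Microsoft's documentation of the `Win32_DeviceGuard` CIM class, and S mode is not checked.

```powershell
# Added example: report whether HVCI (memory integrity) is configured and running.
# Get-HvciState is a hypothetical helper name, not a built-in cmdlet.
function Get-HvciState {
    param(
        # Object exposing the Win32_DeviceGuard properties.
        # When omitted, the live system is queried (Windows only).
        $DeviceGuard
    )

    if ($null -eq $DeviceGuard) {
        $DeviceGuard = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                                       -ClassName 'Win32_DeviceGuard' -ErrorAction Stop
    }

    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
    $vbsText = switch ([int]$DeviceGuard.VirtualizationBasedSecurityStatus) {
        0       { 'VBS not enabled' }
        1       { 'VBS enabled but not running' }
        2       { 'VBS enabled and running' }
        default { 'VBS status unknown' }
    }

    # In SecurityServicesConfigured / SecurityServicesRunning the value 2 stands for HVCI.
    $configured = @($DeviceGuard.SecurityServicesConfigured) -contains 2
    $running    = @($DeviceGuard.SecurityServicesRunning)    -contains 2

    [pscustomobject]@{
        VbsStatus      = $vbsText
        HvciConfigured = $configured
        HvciRunning    = $running
        # HVCI condition from the article; a configured-but-not-running state
        # (for example before a reboot) is reported as not met.
        HvciConditionMet = ($configured -and $running)
    }
}

# Constructed sample: HVCI is configured, but only Credential Guard (1) is running.
$sample = [pscustomobject]@{
    VirtualizationBasedSecurityStatus = 2
    SecurityServicesConfigured        = @(1, 2)
    SecurityServicesRunning           = @(1)
}
Get-HvciState -DeviceGuard $sample   # constructed input, runs anywhere
# Get-HvciState                      # query the local Windows machine instead
```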