

source link: https://www.neowin.net/news/defender-will-now-protect-against-malicious-drivers-with-new-vulnerable-driver-blocklist/

Defender will now protect against malicious drivers with new "Vulnerable Driver Blocklist"
Windows Defender has very recently gained a new capability called "Microsoft Vulnerable Driver Blocklist". The feature is part of Defender's Application Control option and will essentially protect devices from malicious drivers. Microsoft's Vice President of Enterprise and OS Security, David Weston, brought attention to the new feature on Twitter.
The feature was added recently, and in a related blog post Microsoft has described how the new driver blocklist will help protect Windows devices:
The vulnerable driver blocklist is designed to help harden systems against third party-developed drivers across the Windows ecosystem with any of the following attributes:
- Known security vulnerabilities that can be exploited by attackers to elevate privileges in the Windows kernel
- Malicious behaviors (malware) or certificates used to sign malware
- Behaviors that are not malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel
Microsoft says that it identifies such harmful drivers by working with its various vendor partners and adds them to its "ecosystem block policy". The policy is then applied to devices that have Hypervisor-protected code integrity (HVCI) enabled or that run in S mode. The feature is available on Windows 11, 10, and Server 2016 and higher.
Microsoft has good reason to be on high alert against such drivers. Both in the past and more recently, plenty of Windows and Windows-signed drivers have been found to be compromised.