Microsoft Windows users were in danger of being targeted by hackers, sometimes for years, as the company’s malicious drivers blocklist updates did not work as they should, according to tech media outlet The Verge.
(For insights on emerging themes at the intersection of technology, business and policy, subscribe to our tech newsletter Today’s Cache.)
Journalists and a cybersecurity professional found that the software company’s hypervisor-protected code integrity (HVCI), which serves as a defence against malicious drivers, did not protect users as it downloaded a malicious driver that was already on a Microsoft blocklist.
Drivers help computers interact with cameras and printers, but they also lead to the kernel, or the figurative heart of the operating system. The security implications are huge.
Microsoft clarified on October 14 that the vulnerable driver blocklist was enabled by default on all devices, due to the Windows 11 2022 update. However, the cyber security professional claimed that the driver blocklist hadn’t been updated for around three years.
If confirmed, this means users could have been vulnerable to attacks from as early as 2019. Hackers, including North Korean cyber criminals, have exploited vulnerable drivers to carry out crimes ranging from cheating in video games to attacking employees in sensitive, high-security positions. These are known as bring-your-own-vulnerable-driver or BYOVD attacks.
“We plan to update the current blocklist for non-Windows 11 customers in an upcoming servicing release and will occasionally publish future updates through regular Windows servicing,” said Microsoft in its statement.
It is unclear how the tech company specifically plans to address the latest security lapse so it does not happen again.
Users are also worried that they will have to manually update the blocklists from now on.
