For almost three years, Microsoft failed to properly protect Windows PCs from vulnerable drivers. According to Ars Technica, although new drivers were regularly added to the blacklist, they were not actually being blocked, leaving computers increasingly vulnerable.
Because of this gap in protection, users' computers were exposed in particular to one type of attack: BYOVD (bring your own vulnerable driver). Drivers are essential for the operating system to interact with external devices connected to the PC, as well as with components such as video cards. Because they have access to the operating system kernel, Microsoft requires them to carry a digital signature attesting to the safety of such software. However, if a driver that has already been signed turns out to contain a flaw that the checks missed, attackers can use it to mount an attack.
For example, in August, hackers installed the BlackByte ransomware using the hardware overclocking utility MSI Afterburner. Not long before that, hackers used an anti-cheat driver for the game Genshin Impact, and the North Korean group Lazarus carried out a BYOVD attack on a number of significant individuals around the world.
To guard against such attacks, Microsoft uses so-called hypervisor-protected code integrity (HVCI), but it has been determined that this protection does not provide the necessary level of safety.
According to Dormann, he was able to load a potentially harmful driver on a computer with HVCI enabled, even though the driver was on Microsoft's blacklist. Moreover, it became clear that the list had not been updated since 2019, and that the Attack Surface Reduction feature of Windows Defender had not helped to eliminate the threat either, so computers had in fact remained vulnerable to this type of attack for three years.
Until the beginning of this month, Microsoft took no steps to remedy the deficiencies, or perhaps did not know about them. For now, the company proposes addressing the problem manually: detailed information and downloadable materials are available on its website. The company promises that an automatic fix will arrive in future Windows updates.