Microsoft appears to have finally addressed an issue that could have left Windows users at risk of all kinds of cyberattacks.
The issue concerns an attack method called Bring Your Own Vulnerable Driver, or BYOVD for short. It revolves around attackers installing older, legitimate software drivers with known vulnerabilities on target endpoints. Because such a driver is genuine and carries a valid signature, loading it does not trigger antivirus alarms, but once it is running in the kernel the attacker can exploit its known flaw to gain kernel-level control and deliver a more dangerous payload.
However, the researchers aren't happy with how the company addressed the issue, as Microsoft appears to have produced a one-time fix for a problem that needs continuous support.
The number of BYOVD attacks rose significantly in the past couple of months, prompting Ars Technica to check whether Microsoft's answer to the problem, the vulnerable driver blocklist it enforces on Secured-core PCs and on machines with memory integrity (HVCI) enabled, works as intended. That's when they realized the list hadn't been updated in quite some time.
“But as I was reporting on the North Korean attacks mentioned above, I wanted to make sure this heavily promoted driver-blocking feature was working as advertised on my Windows 10 machine,” Ars Technica’s Dan Goodin writes. “Yes, I had memory integrity turned on in Windows Security > Device security > Core isolation, but I saw no evidence that a list of banned drivers was periodically updated.”
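The check described above can be scripted rather than done by hand. The following PowerShell is an added example, not code from the article or from Microsoft: it reports whether HVCI is actually enforced, shows the on-disk blocklist policy so you can compare its timestamp and hash against another machine or a later update, and lists any driver loads that code integrity has blocked. The `driversipolicy.p7b` path and the use of event ID 3077 as the enforced-block event are assumptions documented in the comments; run it from an elevated prompt.

```powershell
# Added example: inspect the state of Windows' vulnerable-driver blocklist on a host.
# Run from an elevated PowerShell prompt on Windows 10 or 11.

# 1. Is memory integrity (HVCI) actually enforced? The blocklist is only applied
#    on HVCI-enabled, Secured-core or S-mode devices, so this is the first thing to verify.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
# SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI
$hvciRunning = $dg.SecurityServicesRunning -contains 2
"HVCI enforced: $hvciRunning"

# 2. Inspect the blocklist policy binary. Path is an assumption for this example;
#    the file name may differ between Windows versions.
$policy = Join-Path $env:windir 'System32\CodeIntegrity\driversipolicy.p7b'
if (Test-Path $policy) {
    $f = Get-Item $policy
    'Blocklist file: {0}  size={1} bytes  last written={2:u}' -f $f.FullName, $f.Length, $f.LastWriteTimeUtc
    'SHA256: ' + (Get-FileHash -Algorithm SHA256 -Path $policy).Hash
} else {
    "No blocklist policy found at $policy"
}

# 3. On Windows 11 22H2 and later, CiTool lists the active code-integrity policies
#    together with their version numbers, which is the authoritative view.
if (Get-Command CiTool.exe -ErrorAction SilentlyContinue) {
    CiTool.exe --list-policies
}

# 4. Drivers that the policy refused to load are recorded in the CodeIntegrity log.
#    Event ID 3077 is assumed here to be the enforced-block event (3076 is its audit-mode twin).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-CodeIntegrity/Operational'
    Id      = 3077
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Compare the file hash and the policy version reported by CiTool across machines or across a Windows Update: if they never change, the blocklist is not being serviced, which is exactly the gap the article describes. A recent `LastWriteTime` alone is not proof of a current list, since the file can be rewritten without its contents changing.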
Microsoft dismissed the initial findings as irrelevant, but as other researchers chimed in, it later changed its stance, saying it was “fixing the issues with our servicing process which has prevented devices from receiving updates to the policy,” Goodin added.
“The vulnerable driver list is regularly updated, however we received feedback there has been a gap in synchronization across OS versions,” Microsoft was quoted as saying. “We have corrected this and it will be serviced in upcoming and future Windows Updates. The documentation page will be updated as new updates are released.”
While Microsoft claimed it solved the problem by having a driver blocklist that’s constantly being updated, researchers discovered that the company hasn’t…