Windows 10 and Server systems unprotected since 2019
Microsoft appears to have finally fixed a driver issue that left some Windows Server and 10 systems exposed to vulnerable drivers.
Redmond has been dogged by criticism that its hypervisor-protected code integrity tool, much-hyped by Microsoft over the past two years as a key way to protect users from bring-your-own-vulnerable-driver attacks, was not fulfilling its promise. This month it emerged that the list of vulnerable drivers the tool was supposed to be blocking was outdated on machines running on many pre-Windows 11 operating systems, including those with Windows 10 and Windows Server.
This left the door open to BYOVD attacks, in which malicious drivers sail through approval via the Windows Hardware Compatibility Program. Once installed, they give attackers escalated privileges that could grant control of the system, run malicious code, and disarm security tools. According to Microsoft, attacks based on vulnerable drivers have been used in a range of malware onslaughts, from