
On Thu, 6 Oct 2022 14:36:36 +1300, I wrote:
Having Microsoft verify third-party drivers with a digital signature, so that Windows will block the loading of unsigned drivers, seemed like a good idea when it came in with Windows Vista. Enforcing quality control would remove a big source of crashes, as well as security loopholes.
But it seems the execution falls somewhat short <https://arstechnica.com/information-technology/2022/10/no-fix-in-sight-for-mile-wide-loophole-plaguing-a-key-windows-defense-for-years/>.
Followup article from the same author <https://arstechnica.com/information-technology/2022/10/how-a-microsoft-blunder-opened-millions-of-pcs-to-potent-malware-attacks/>. As an example, this linked description <https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html> of the Genshin Impact vulnerability makes it clear you don’t even have to be a player of that game: the malware can install its own copy of the driver, and use that to crack your system, regardless. This would apply to other vulnerable drivers for hardware or software you don’t own: the mere existence of such vulnerable drivers is a danger to all current Windows systems.

But it seems Microsoft has finally noticed that its notification system for vulnerable drivers isn’t working:

"What the program manager was saying boiled down to this: If you thought HVCI was protecting you from recent BYOVD attacks, you were probably wrong. Windows 10 hadn't updated the list in almost three years."

That’s a long time to go without noticing that a system is broken ...
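The practical question the post raises is whether HVCI is actually running on a given machine and how stale its copy of Microsoft's vulnerable driver blocklist is. The following read-only check is an added example, not code from the post or from any of the linked articles. It assumes Windows 10 or 11 with the default install layout, an elevated PowerShell session, and that the blocklist is shipped as the signed code-integrity policy file driversipolicy.p7b under System32\CodeIntegrity (that path is an assumption to verify against your build); the function names are mine.

```powershell
# Added example: report HVCI state, blocklist file age, and non-Microsoft kernel drivers.
# Assumes Windows 10/11, elevated session; file path for the blocklist is an assumption.

function Get-HvciState {
    # Win32_DeviceGuard lists security services as integer arrays;
    # the value 2 in these arrays denotes hypervisor-enforced code integrity (HVCI).
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    [pscustomobject]@{
        HvciConfigured           = ($dg.SecurityServicesConfigured -contains 2)
        HvciRunning              = ($dg.SecurityServicesRunning -contains 2)
        KernelCIPolicyEnforcement = $dg.CodeIntegrityPolicyEnforcementStatus   # 0 off, 1 audit, 2 enforced
        VbsStatus                = $dg.VirtualizationBasedSecurityStatus        # 2 means VBS running
    }
}

function Get-DriverBlocklistAge {
    # Assumption: the blocklist policy file lives here on a default install.
    $path = Join-Path $env:windir 'System32\CodeIntegrity\driversipolicy.p7b'
    if (-not (Test-Path -LiteralPath $path)) {
        return [pscustomobject]@{ Path = $path; Present = $false; LastWritten = $null; AgeDays = $null }
    }
    $item = Get-Item -LiteralPath $path
    [pscustomobject]@{
        Path        = $path
        Present     = $true
        LastWritten = $item.LastWriteTime
        # A large age is a hint the list is stale; it is not proof of which drivers it blocks.
        AgeDays     = [int]((Get-Date) - $item.LastWriteTime).TotalDays
    }
}

function Get-ThirdPartyDrivers {
    # Installed drivers whose signer is not Microsoft: this is the inventory a defender
    # compares against the published blocklist, because signing alone says nothing
    # about whether the driver has a known vulnerability.
    Get-CimInstance -ClassName Win32_PnPSignedDriver |
        Where-Object { $_.Signer -and $_.Signer -notmatch 'Microsoft' } |
        Select-Object DeviceName, DriverProviderName, DriverVersion, Signer, InfName |
        Sort-Object DriverProviderName, DriverVersion -Unique
}

# Usage
$hvci = Get-HvciState
$list = Get-DriverBlocklistAge
Write-Host ("HVCI configured: {0}  running: {1}  kernel CI enforcement: {2}" -f `
    $hvci.HvciConfigured, $hvci.HvciRunning, $hvci.KernelCIPolicyEnforcement)
if ($list.Present) {
    Write-Host ("Blocklist file last written {0} ({1} days ago)" -f $list.LastWritten, $list.AgeDays)
} else {
    Write-Host "Blocklist file not found at $($list.Path)"
}
Get-ThirdPartyDrivers | Format-Table -AutoSize
```

The two numbers to read together are HvciRunning and AgeDays: HVCI being on only helps against a vulnerable signed driver if the policy it enforces actually names that driver, which is exactly the gap the article describes. The third-party driver inventory is the list to compare against Microsoft's published blocklist on a schedule, rather than trusting that the machine's local copy is current.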