
Having Microsoft verify third-party drivers with a digital signature, so that Windows refuses to load unsigned drivers, seemed like a good idea when it arrived with Windows Vista. Enforcing some quality control would remove a big source of crashes, as well as security loopholes. But it seems the execution falls somewhat short <https://arstechnica.com/information-technology/2022/10/no-fix-in-sight-for-mile-wide-loophole-plaguing-a-key-windows-defense-for-years/>. The mechanism for revoking the signatures of old, obsolete drivers that are later discovered to contain security vulnerabilities doesn’t seem to work very well, so miscreants can load this still-validly-signed code themselves and use its bugs to gain kernel-level control of Windows systems. This has been dubbed a “Bring Your Own Vulnerable Driver” (BYOVD) attack. Microsoft’s own Vice President of “OS Security and Enterprise” continues to claim that “Windows has everything you need to block” buggy signed drivers. Yet the article’s author was unable to get the mechanism to work, and Microsoft itself appeared to have no interest in helping to fix that.

It seems to me that one thing missing from the mechanism is a time limit on signature validity. By contrast, when you get SSL/TLS certs for your website, they are only valid for a fixed interval (e.g. about a year for certs from traditional certificate authorities, 90 days for ones from Let’s Encrypt). This means that clients checking such certificates do not need to maintain an ever-growing list of revoked ones: a revocation list only has to cover certificates that have not yet expired, since anything past its expiry date is rejected anyway. Driver signatures, on the other hand, carry a timestamp so that they remain valid even after the signing certificate expires, which is exactly why an old driver never ages out on its own. If the cert for a Windows driver has expired but the driver itself is still sound, Microsoft should be able to simply renew the certificate. But I guess if Microsoft’s servers are struggling just to distribute certificate revocations, having to push out renewals as well would likely just make things worse.
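If you want to see the problem on your own machine, the following PowerShell audit (an added example, not code from the article or from Microsoft) walks the driver directory and reports, for each driver, the signer, the signing certificate’s validity window, whether that certificate has already expired, and whether the signature is timestamped. The driver directory path is the standard one; the `$KnownBadHashes` list is a hypothetical placeholder you would fill from whatever vulnerable-driver catalogue you maintain.

```powershell
# Added example (not from the original post): audit installed drivers and show
# signing-certificate validity versus what Windows still accepts.
# $DriverDir is the usual location; $KnownBadHashes is a hypothetical,
# initially empty, list of SHA-256 hashes you have decided to block.

$DriverDir      = "$env:SystemRoot\System32\drivers"
$KnownBadHashes = @()   # e.g. hashes copied from a vulnerable-driver catalogue

function Get-DriverSignatureReport {
    param([string]$Path = $DriverDir)

    Get-ChildItem -Path $Path -Filter *.sys -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        $cert = $sig.SignerCertificate

        [pscustomobject]@{
            File        = $_.Name
            Status      = $sig.Status            # Valid, NotSigned, HashMismatch, ...
            Signer      = if ($cert) { $cert.Subject } else { $null }
            NotBefore   = if ($cert) { $cert.NotBefore } else { $null }
            NotAfter    = if ($cert) { $cert.NotAfter } else { $null }
            # True when the signing cert has expired; Windows still trusts the
            # signature if it was timestamped while the cert was valid.
            CertExpired = if ($cert) { $cert.NotAfter -lt (Get-Date) } else { $null }
            Timestamped = [bool]$sig.TimeStamperCertificate
            SHA256      = $hash
            OnBlockList = $KnownBadHashes -contains $hash
        }
    }
}

$report = Get-DriverSignatureReport

# Drivers that Windows still considers validly signed even though the
# certificate that signed them expired long ago: the "no time limit" case.
$report |
    Where-Object { $_.Status -eq 'Valid' -and $_.CertExpired } |
    Sort-Object NotAfter |
    Format-Table File, Signer, NotAfter, Timestamped -AutoSize

# Anything on your own block list, regardless of signature status.
$report | Where-Object { $_.OnBlockList } | Format-Table File, SHA256, Status
```

Run it from an elevated prompt so every file is readable. Many Microsoft-shipped drivers are signed via a catalog file rather than an embedded signature; `Get-AuthenticodeSignature` on Windows 10 and later looks those up too, but on older PowerShell they may show as `NotSigned` despite being trusted by the loader, so treat that status as "no embedded signature", not as proof the driver is unsigned. The useful output is the first table: drivers whose signing certificate expired years ago yet still load, which is precisely the set a validity time limit would have forced Microsoft to re-examine.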