Microsoft has released a new optional update for Windows 10 and Windows 11 version 22H2. This release brings bug fixes for a critical security issue that was previously preventing the Windows kernel vulnerable driver blocklist from being synced to older versions of Windows.
The hypervisor-protected code integrity (HVCI) feature is designed to protect Windows users from driver vulnerabilities. The feature uses data from the Microsoft Vulnerable and Malicious Driver Reporting Center to automatically block known vulnerable drivers from running on Windows PCs. HVCI requires specific hardware support and prevents threat actors from gaining complete control over the system.
Earlier this month, some security researchers discovered that the vulnerable driver blocklist has not been updated since 2019 on some Windows 10 and Windows Server machines. This potentially allowed the attackers to compromise vulnerable machines via bring-your-own-vulnerable-driver (BYOVD) attacks. A BYOVD attack typically tricks users into installing a known-vulnerable driver that could be exploited to gain privileged access to the Windows kernel.
Microsoft identified that malicious actors have been abusing vulnerable drivers to spread malware infections, such as Sauron, GrayFish, and RobbinHood. In 2020, the company unveiled its Secured Core PCs with HVCI enabled by default to block vulnerable driver attacks. In the Windows 11 2022 Update, Microsoft has also turned on vulnerable driver blocking by default on all devices.
Microsoft recently said in a statement to Ars Technica that it’s updating the vulnerable driver list on a regular basis. However, there was “a gap in synchronization across OS versions.” Microsoft confirmed in the release notes that the October 2022 preview release should address the problem and ensure the blocklist is the same across Windows 10 and Windows 11.
“This October 2022 preview release addresses an issue that only updates the blocklist for full Windows OS releases. When you install this release, the blocklist on older OS versions will be the same as the blocklist on Windows 11, version 21H2 and later,” Microsoft explained.
For enterprise customers, Microsoft has also released several fixes to address problems with the Microsoft Edge IE mode. Users can install this new optional patch through Windows Update on Windows 10 and 11 devices. As usual, all the fixes included in the update will eventually roll out to all users with the November 2022 Patch Tuesday updates.