Microsoft's Windows computer security features have had problems over the past 3 years

Specifically, Microsoft always affirms that the list of malware is updated and added to each Windows update so that users do not download it by mistake. But in fact, vulnerabilities still exist in this update, allowing malicious code to easily penetrate the computer.

These vulnerabilities help hackers use an attack called BYOVD (Bring your own vulnerable driver) to install malicious drivers on users' computers, penetrating systems.

It is known that to protect devices from being infiltrated by malicious drivers, Microsoft is using the security feature of the Hypervisor-Enforced Code Integrity (HVCI) server. However, expert from cybersecurity company Analygence, Will Dormann, said that HVCI cannot prevent these malware.

Last September, in a Twitter post by Dormann, Mr. Analygence shared that he had downloaded WinRing0, a malicious driver that was on Microsoft's download block list even though the device had HVCI enabled.

Later, the expert discovered that the Windows download blocking list had not been updated for the past 3 years. He added that the Attack Surface Reduction feature does not protect the computer as the company promised.

Therefore, even if HVCI on the computer is enabled, there is still a risk of being compromised in the past 3 years.

In response to information about the driver update process being blocked on Windows computers, Jeffery Sutherland - Microsoft's Project Manager, also acknowledged this problem. He added that the company is fixing the service system error that prevents users from fully receiving this update.

According to Ars Technica, many attacks in the form of BYOVD have taken place in recent times.

Samuel Daniel

Update 18 October 2023