The Windows Security Center in Windows 10 and Windows 11 just got a bit better. As announced by David Weston, the vice president of operating system security and enterprise and Microsoft, the built-in free Windows antivirus now has a new option to protect against vulnerable drivers, though we’re not seeing it on our Windows 11 systems just yet.
New Windows security option: Enable more aggressive blocklist which includes vulnerable drivers pic.twitter.com/n3b2GzAWHA
— David Weston (DWIZZZLE) (@dwizzzleMSFT) March 27, 2022
Known as “Microsoft Vulnerable Driver Blocklist,” this new feature of Windows Security can help block drivers with security vulnerabilities from running on your device. It sounds simple, but it has become a common problem. According to Microsoft, malicious actors are exploiting vulnerabilities in legitimate and signed kernel drivers to run malware in the Windows kernel. Here’s how the feature works to help prevent this.
Microsoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they’re quickly patched and rolled out to the ecosystem. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy.
This feature should show up on Hypervisor-protected code integrity (HVCI) enabled devices or Windows 10 in S mode devices. It should show listed under the Device Security section of Windows Security, when ready for your system. We checked on our end, and it doesn’t appear to have rolled out yet, but we asked Weston for clarification on which systems will get the feature. We’ll update this post when we hear back, but you can learn more about the technicalities of this by heading to Microsoft Docs.