Microsoft finally officially admitted the fact that windows remained exposed to possible malware attack through a vulnerability present in the drivers of the operating system, which in fact persisted for almost 3 years.
The problem is related to some flaws that emerged in automatic protection system on drivers: Windows Update should in fact automatically add new drivers to a block list that should prevent the spread of malware, but in some cases the verified and signed drivers can still have security holes.
Since drivers are able to access every section of the operating system, including the kernel, they can be perfect vehicles for dangerous software such as malware.
In fact, in the last period there has been a proliferation of these cases which have exploited the technique in particular BYOVDwhich allows a hacker to bypass Windows kernel protections.
Basically, by installing what appears to be a simple official driver, you can expose your PC to even serious interference from external parties. In some cases, attacks of this kind have occurred through the overclocking drivers distributed by MSI with AfterBurner which led to the proliferation of the BlackByte Ransomwareor even with Genshin Impact’s anti-cheat drivers.
All of this is related to shortcomings in the system HVC extension of Windows, which according to research conducted by Ars Technica and analyst Will Dormann may have exposed PCs to malware and the like for almost 3 years now. Microsoft has basically admitted that the HVCI system has revealed these insecurities and is fixing it, with new updates on the vulnerable drivers that will however still take some time to complete.
