Microsoft's own mistake may have left users at risk of malware attacks

Microsoft appears to have finally addressed an issue that could have left Windows users at risk of all kinds of cyberattacks. 

The attack method in question is called Bring Your Own Vulnerable Driver, or BYOVD for short. It revolves around attackers installing older, legitimate software drivers that are known to carry vulnerabilities on target endpoints. Installing a legitimate driver will not trigger any antivirus alarms, but it opens a backdoor for attackers to deliver more dangerous payloads.

However, the researchers aren’t happy with how the company addressed the issue, as it would seem Microsoft only created a one-time solution for a problem that needs continuous support.

No updates

The number of BYOVD attacks rose significantly in the past couple of months, prompting researchers from Ars Technica to investigate whether Microsoft’s solutions to the problem (which it dubbed “Secured Core” PCs) work as intended. That’s when they realized the driver blocklist hadn’t been updated in quite some time.

“But as I was reporting on the North Korean attacks mentioned above, I wanted to make sure this heavily promoted driver-blocking feature was working as advertised on my Windows 10 machine,” Ars Technica’s Dan Goodin writes. “Yes, I had memory integrity turned on in Windows Security > Device security > Core isolation, but I saw no evidence that a list of banned drivers was periodically updated.”

Microsoft dismissed the initial findings as irrelevant, but as other researchers chimed in, it later changed its stance, saying it was “fixing the issues with our servicing process which has prevented devices from receiving updates to the policy,” Goodin added.

“The vulnerable driver list is regularly updated, however we received feedback there has been a gap in synchronization across OS versions,” Microsoft was cited as saying. “We have corrected this and it will be serviced in upcoming and future Windows Updates. The documentation page will be updated as new updates are released.”

While Microsoft claimed it solved the problem by having a driver blocklist that’s constantly being updated, researchers discovered that the company hasn’t updated the list in roughly three years. In other words, whatever vulnerable drivers were discovered in the last 24 - 36 months hadn’t been added to this blocklist, and threat actors could have used them to reopen security holes that had already been plugged.

Microsoft has since released a new tool that allows Windows 10 users to deploy blocklist updates that were pending for three years. “But this is a one-time update process; it is not yet clear if Microsoft can or will push automatic updates to the driver blocklist through Windows Update,” Goodin concluded.

Via: Ars Technica



from TechRadar - All the latest technology news https://ift.tt/Oyn39zs