
Microsoft launches service for reporting malicious drivers


Microsoft has launched a special portal through which users and information security researchers can report malicious and suspicious drivers.

The new Vulnerable and Malicious Driver Reporting Center is essentially a web form that allows users to upload a copy of a suspicious driver, which will then be analysed by Microsoft’s automated scanner.

In recent years, malicious drivers have been increasingly used by major APTs and other cybercriminals. Most often, cybercriminals abuse vulnerabilities in old and unpatched drivers, or even deliberately downgrade and install older drivers into the system (for example, to gain administrator rights on a compromised host).

“Increasingly, adversaries are leveraging legitimate drivers in the ecosystem and their security vulnerabilities to run malware. Multiple malware attacks, including RobinHood, Uroburos, Derusbi, GrayFish and Sauron, have leveraged driver vulnerabilities,” Microsoft says.

The company says its automatic scanner can detect methods commonly abused by malicious drivers, including:

  1. drivers that can map arbitrary areas of kernel memory, physical memory and device memory into user mode;
  2. drivers that can read or write arbitrary kernel memory, physical memory, or device memory from user mode, including I/O and CPU ports;
  3. drivers that provide access to device storage bypassing Windows access control.

If the scan is successful, the driver will be referred to a Microsoft technician for closer examination.

“The Reporting Center backend automatically analyzes the potentially vulnerable or malicious driver binary as long as they’re written for Windows running on CPUs based on the x86 and x64 architectures and identifies dangerous behaviors and security vulnerabilities,” Microsoft representatives say.

The new service is reported to be capable of analyzing drivers for both 32-bit and 64-bit architectures, and Microsoft is urging users to report any drivers they believe may contain malicious code or be vulnerable.

Based on the results of the checks, malicious drivers will be blacklisted, and the developers will be informed about the vulnerable drivers.

Let me remind you that I also wrote that Microsoft Defender for Endpoint and Kaspersky don’t start after a Windows update.

About The Author
Vladimir Krasnogolovy