Microsoft Windows Defender receives upgrades that will benefit Windows 10, Windows 11, and Windows Server 2016 or later. The Microsoft Vulnerable Driver Blocklist feature introduced into Defender will allow drivers with security vulnerabilities to be blocked from running on the device. David Weston, Microsoft's vice president of operating system security and enterprise, announced the update on March 27.
Defender’s Microsoft Vulnerable Driver Blocklist feature is optional for users as it can be turned on and off, and it’s one for everyone Valuable tool as there are always security risks these days. Microsoft, on the other hand, says it will be enabled by default on certain devices, such as those running Windows 10 in S mode and those with Hypervisor Protection Code Integrity (HVCI) enabled.
For non-Windows 10 S mode devices, users can activate memory integrity prerequisites in several ways:
It will block drivers with specific characteristics that may pose a threat, such as malware or certificates used to sign malware. It will also block drivers with known security vulnerabilities and bypasses of the Windows security model, as cybercriminals can exploit them to escalate privileges in the Windows kernel.
The Driver Blocklist feature is based on a list of blocked drivers that Microsoft maintains with hardware vendors and OEMs. Nonetheless, after a suspect driver is submitted to Microsoft for analysis, manufacturers may require patching of issues in drivers included on the list.
The above is the detailed content of Microsoft introduces vulnerable driver blocklist in Windows Defender on Windows 10 and 11. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
