Microsoft Windows Defender received an upgrade that will benefit Windows 10, Windows 11, and Windows Server 2016 or newer releases. The Microsoft Vulnerable Driver Blocklist feature introduced to Defender will allow the blocking of drivers with security vulnerabilities from running on the device. The announcement was made update was tweeted by Microsoft Vice President of OS Security and Enterprise David Weston on March 27.
The Microsoft Vulnerable Driver Blocklist capability of the Defender can be optional for users as it can be toggled on and off, and it can be a valuable tool for everyone, given that security risks are always present these days. On the other hand, Microsoft says it will be enabled by default on specific devices, such as those running Windows 10 in S Mode and hypervisor-protected code integrity (HVCI) enabled devices.
For non-Windows 10 S-mode devices, users can activate the Memory Integrity prerequisite in a variety of ways:
- Start > Setting > open the settings application via the keyboard shortcut Windows-I.
- (Windows 10): Update & Security > Windows Security > select Open Windows Security
- (Windows 11): Privacy & Security > Windows Security > select Open Windows Security
- From the sidebar on the left side, choose Device Security.
- Enable the “core isolation details” link.
- Enable the block feature by toggling the Memory Integrity setting to On.
- Restart the device you are using.
It will block drivers with specific characteristics that can pose threats, such as malware or certificates used to sign malware. It will also block drivers with known security vulnerabilities and behaviors bypassing the Windows Security Model, as cybercriminals can exploit them to promote privileges in the Windows kernel.
The driver-blocklist feature is based on the list of blocked drivers maintained by Microsoft together with hardware vendors and OEMs. Nonetheless, manufacturers may ask to patch the issue in the drivers included on the list after the suspected driver is submitted to Microsoft for analysis.