Microsoft has finally addressed the issue that could have left many Windows users open to various cyberattacks.
There is a known cyberattacking method named BringYour Own Vulnerable Driver (BYOVD) where attackers can open a backdoor on the system by installing older yet legitimate software drivers that can be vulnerable.
Even though Microsoft has addressed the issue, security researchers are warning that this is only a one-time solution for a security issue that needs continuous support.
Unfortunately, the number of BYOVD attacks are on the rise during the past several months.
According to Microsoft, the vulnerable driver list is being regularly updated although it appears there was a gap in synchronization across the OS versions. Microsoft also said that they have corrected this and that it will be serviced with the upcoming and also future Windows Updates.
Although Microsoft claimed it has solved the problem with the driver blocklist being regularly updated, security researchers discovered that the company hasn’t updated the list in about three years. This means that all vulnerable drivers that were discovered in the past 2-3 years could be used by attackers to get access to OS.
Since this is a one-time update process it’s still not clear if Microsoft will push automatic updates for the driver blocklist through Windows Updates.