Monday, June 27, 2022

Steering clear of bad drivers: How to apply Microsoft’s recommended driver block rules

If an adversary can load a driver, there is nothing they can’t do to adversely impact a compromised system, including disabling endpoint security products. Previously, aside from requiring elevated privileges to load a driver, the bar was low to load a rootkit. Microsoft raised the bar slightly when it started to enforce stricter signing requirements alongside Driver Signature Enforcement. While it’s still possible to get away with signing malicious drivers, the threat landscape has shifted acco…

Read More

Latest news
Related news