If an adversary can load a driver, there is nothing they can’t do to a compromised system, including disabling endpoint security products. Previously, aside from the elevated privileges required to load a driver, the bar to loading a rootkit was low. Microsoft raised the bar slightly when it started to enforce stricter signing requirements alongside Driver Signature Enforcement. While it’s still possible to get away with signing malicious drivers, the threat landscape has shifted acco…