Microsoft is introducing a new Windows security feature that automatically blocks kernel drivers with known exploitable vulnerabilities or a history of being abused by malware.
As ghacks.net reports, it's called the Vulnerable Driver Blocklist and forms part of the defenses offered by Windows Defender on Windows 10, Windows 11, and Windows Server 2016. However, it's only enabled by default on Windows 10 in S mode or on PCs where the Core Isolation feature called Memory Integrity is turned on (more on this below).
The new feature was revealed in a tweet by David Weston, vice president of OS Security and Enterprise at Microsoft.
A driver is blocked if Microsoft deems it to have a known security vulnerability that can be exploited, to have previously been associated with malware, or to exhibit behavior that circumvents the Windows Security Model and can be exploited.
Clearly no vendor wants its drivers on the blocklist, which should encourage vendors to make sure their drivers are secure in the first place. It also means that when a vulnerability is discovered, the vendor responsible should be much more inclined to react quickly, especially if its products depend on that driver remaining available to Windows users.
The Memory Integrity feature relies on Microsoft's Hyper-V hypervisor: it runs the kernel's code-integrity checks in an environment isolated from the rest of Windows (hence its other name, Hypervisor-protected Code Integrity, or HVCI), so a driver that fails those checks, including one on the blocklist, is refused before it can load. If your PC is fairly new, it's likely this is turned on by default, but otherwise you can check whether it's available by navigating to Settings -> Update & Security (Privacy & Security for Windows 11 users) -> Windows Security -> Open Windows Security -> Device security. There you will find a Core Isolation section, and clicking "Core isolation details" will reveal the Memory Integrity
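For administrators who would rather check this from a shell than click through Settings, here is an added PowerShell example (not code from the PCMag article or from Microsoft). It reports whether virtualization-based security and Memory Integrity (HVCI) are running, reads the registry toggles for Memory Integrity and the Vulnerable Driver Blocklist, and then lists the running kernel drivers that are not signed with the inbox "Microsoft Windows" certificate, which is the population the blocklist actually has to judge. The two registry paths, the `VulnerableDriverBlocklistEnable` value name, and the signer-subject heuristic are assumptions of this script to verify against current Microsoft documentation; S-mode detection is not attempted. Run it from an elevated PowerShell session.

```powershell
# Added example, not from the PCMag article or from Microsoft.
# Assumptions: the Win32_DeviceGuard and Win32_SystemDriver CIM classes exist on this
# build (Windows 10/11, Server 2016+); the registry paths below are the toggles Microsoft
# documents for Memory Integrity and the Vulnerable Driver Blocklist (verify before relying
# on them); inbox drivers are signed with a "CN=Microsoft Windows, ..." subject.

function Get-DriverBlocklistStatus {
    [CmdletBinding()]
    param()

    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction Stop

    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
    $vbsRunning  = ($dg.VirtualizationBasedSecurityStatus -eq 2)
    # SecurityServicesRunning contains 2 when HVCI (Memory Integrity) is running
    $hvciRunning = (@($dg.SecurityServicesRunning) -contains 2)

    # Memory Integrity switch as written by the Windows Security app (assumed path)
    $hvciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    $hvciConfigured = (Get-ItemProperty -Path $hvciKey -Name 'Enabled' -ErrorAction SilentlyContinue).Enabled -eq 1

    # Vulnerable Driver Blocklist switch (assumed path); $null means the value is absent
    $ciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $blocklist = (Get-ItemProperty -Path $ciKey -Name 'VulnerableDriverBlocklistEnable' `
                                   -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable

    # Per the article the blocklist is on by default only with Memory Integrity (or S mode,
    # which this script does not detect); an explicit 1 in the registry also turns it on.
    $likelyEnforced = ($hvciRunning -or ($blocklist -eq 1))

    [pscustomobject]@{
        VbsRunning                      = $vbsRunning
        MemoryIntegrityConfigured       = $hvciConfigured
        MemoryIntegrityRunning          = $hvciRunning
        VulnerableDriverBlocklistEnable = $blocklist
        BlocklistLikelyEnforced         = $likelyEnforced
    }
}

function Get-NonInboxRunningDrivers {
    [CmdletBinding()]
    param()

    # Heuristic: inbox drivers are signed "CN=Microsoft Windows, O=Microsoft Corporation, ...";
    # third-party drivers (including WHQL-attested ones) carry a different subject, and
    # unsigned or unreadable files are kept so they show up for review.
    Get-CimInstance -ClassName 'Win32_SystemDriver' |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            # Normalise NT-style paths ("\??\C:\..." and "\SystemRoot\...") to Win32 paths
            $path = $_.PathName -replace '^\\\?\?\\', ''
            $path = $path -replace '^\\SystemRoot', $env:SystemRoot
            $sig  = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue

            $status = 'Unreadable'
            $signer = $null
            if ($sig) {
                $status = [string]$sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }

            [pscustomobject]@{
                Name   = $_.Name
                Path   = $path
                Status = $status
                Signer = $signer
            }
        } |
        Where-Object { $_.Signer -notmatch '^CN=Microsoft Windows,' }
}

Get-DriverBlocklistStatus | Format-List
Get-NonInboxRunningDrivers | Sort-Object Signer, Name | Format-Table -AutoSize
```

A practitioner would read the first output as the answer to "is the blocklist doing anything on this box" and the second as the list of drivers worth cross-checking against Microsoft's published blocklist: a row whose Status is anything other than Valid, or whose Signer is a vendor you do not recognise, is the one to investigate first.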
Read more on pcmag.com