Microsoft has failed for years to protect Windows computers

A new report from Ars Technica states that Microsoft failed to protect Windows PCs from malicious drivers for nearly three years.

Although the company says that the Windows updates it releases periodically prevent malicious drivers from loading on the system, Ars Technica found that those updates did not do so as they should.

Because of this shortcoming in preventing malicious drivers from accessing Windows PCs, users are vulnerable to a specific type of attack called BYOVD, which stands for Bring Your Own Vulnerable Driver.

Drivers are the files that PC operating systems use to communicate with hardware, whether external or internal, such as printers, graphics cards, webcams, and so on.

Because drivers need access to the kernel of a device's operating system, Microsoft requires that all drivers be approved before it allows this, to ensure they are safe for use.


But if an approved driver contains a vulnerability, hackers can exploit it and gain access to the Windows kernel.

And it has happened many times. Last August, hackers installed the BlackByte ransomware through a software driver used by MSI AfterBurner, the performance-boosting software for MSI graphics cards.

The North Korean hacking group Lazarus also launched a BYOVD attack against a Dutch employee in the space industry and a political journalist in Belgium in 2021, but the matter was not revealed until late last month by the information security company ESET.

Microsoft confirms protection of Windows computers

According to the Ars Technica report, Microsoft uses a special feature called HVCI, which stands for Hypervisor-Protected Code Integrity, to protect devices from malicious drivers. The company says this feature is enabled by default on certain Windows devices.

But Ars Technica and Will Dormann, a senior security analyst at the information security company Analygence, confirmed that this feature does not provide sufficient protection against malicious drivers.

Last September, Dormann published tweets on Twitter explaining how he was able to load a malicious driver on an HVCI-enabled machine, even though the driver was on Microsoft's blacklist. He later found out that Microsoft's blacklist had not been updated since 2019.

Microsoft did not respond to Dormann's statement until earlier this month, when it stated that it had dealt with the matter and published instructions on how to manually update the blacklist.
