Photo by Amelia Holowaty Krales / The Verge
Microsoft failed to properly protect Windows PCs from malicious drivers for nearly three years, according to a report from Ars Technica. Although Microsoft says its Windows updates add new malicious drivers to a blocklist downloaded by devices, Ars Technica found these updates never actually stuck.
This gap in coverage left users vulnerable to a certain type of attack called BYOVD, or bring your own vulnerable driver. Drivers are the files your computer’s operating system uses to communicate with external devices and hardware, such as a printer, graphics card, or webcam. Since drivers can access the core of a device’s operating system, or kernel, Microsoft requires that all drivers are digitally signed, proving that they are safe to use….