“We are increasingly working to be profitable,” said Microsoft. “Multiple malware attacks, including RobinHood, Uroburos, Derusbi, GrayFish and Sauron, leveraged driver vulnerabilities.” Attackers target vulnerable drivers to “acquire kernel privileges, modify kernel signing policies and load their malicious unsigned driver into the kernel,” says Microsoft, and malicious drivers disable security tools so that “ransomware, spyware and other types of malware can be executed.” That makes identifying these drivers important, so the company set up the Vulnerable and Malicious Driver Reporting Center. Anyone can use this tool to submit a driver, explain how it’s affected and share further details, such as the product used for. “The reporting Center backend automatically analyzes the potentially dangerous or malicious driver binary and identifies dangerous behaviors and security vulnerabilities,” Microsoft says, as long as they’re written for Windows running on CPUs based on x86 and x64 architectures. The company said its driver team will investigate all the alleged failures the automated tool flags as suspicious or vulnerable. Confirmed issues will then lead to a seamless application of the security services, applications and products of Microsoft, to minimize the risk of operating systems and users.
