One Article Review
| Source |  CSO |
|---|---|
| Identifiant | 7683787 |
| Date de publication | 2022-10-26 02:00:00 (vue: 2022-10-26 10:05:40) |
| Titre | How to update your Windows driver blocklist to keep malicious drivers away |
| Texte | For many years, attackers have used and abused various ways to get on our systems. From phishing to tricking us to click on websites, if an attacker can get their code on our systems they are no longer our systems. Attackers will even invest the time, energy, and expense to get their malicious drivers approved and co-designed through the Windows Hardware Compatibility Program in order to gain access to our machines. Ensuring that these malicious drivers are blocked is a key method for protecting systems.Microsoft has long touted a means to update this master listing on our systems and, in theory, the idea was valid: using settings and security hardware on the computer, enabling hypervisor-protected code integrity (HVCI) was supposed to protect systems from malicious drivers. Attackers have used such attacks in the past ranging from RobbinHood, Uroburos, Derusbi, GrayFish, and Sauron, to campaigns by the threat actor STRONTIUM. As a Microsoft blog in 2020 pointed out, if a computer had HVCI enabled, it would be able to defend itself against vulnerable and malicious drivers. In the blog post, it was noted that “Microsoft threat research teams continuously monitor the threat ecosystem and update the list of drivers that in the Microsoft-supplied blocklist. This blocklist is pushed down to devices via Windows update.”To read this article in full, please click here |
| Envoyé | Oui |
| Condensat | 2020 able abused access actor against approved are article attacker attackers attacks away blocked blocklist blog campaigns can click code compatibility computer continuously defend derusbi designed devices down driver drivers ecosystem enabled enabling energy ensuring even expense from full gain get grayfish had hardware has have here how hvci hypervisor idea integrity invest itself keep key list listing long longer machines malicious many master means method microsoft monitor noted order out past phishing please pointed post program protect protected protecting pushed ranging read research robbinhood sauron security settings strontium such supplied supposed systems teams theory these threat through time touted tricking update uroburos used using valid: various vulnerable ways websites will windows would years your “microsoft ”to |
| Tags | Threat |
| Stories | APT 28 |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.