PC Driver News | DriverFinder - We Make Drivers Work for You

Vulnerable Windows Drivers Could Allow Device Takeover

In several earlier articles, we have mentioned that drivers are a critical component in any operating system. In Windows, kernel-level device drivers are loaded to ensure hardware devices can communicate with the operating system. This high level of access by device drivers is secured by a number of safeguards.

Securing vulnerable Windows drivers

Device drivers need to be digitally signed before they are allowed to be installed (even though this can be disabled on some Windows versions). Drivers can also be tested by Microsoft to get the WHQL certification (Windows Hardware Quality Lab). An advantage of WHQL drivers is that they are available through the Windows Update service.

Since the Windows 11 update in 2022, the Hypervisor-Protected Code Integrity (HVCI) security feature prevents vulnerable drivers from being installed. It is important to realize that this is based on a list of known vulnerable Windows drivers. So, anything unknown will not be on the list and still get installed.

Recent Analysis Showed 34 Vulnerable Drivers

It is good to know that there are always people looking for vulnerabilities to help prevent abuse of these vulnerabilities. VMware recently also released their findings on an automated, reverse-engineering-based approach to finding vulnerable Windows drivers. Details are in their blog post, but the results are quite daunting.

A total of 34 vulnerable Windows drivers is quite a large number. Most (30) are based on the Windows Driver Model (WDM), while some (4) use the Windows Driver Framework (WDF). Since some of these drivers include firmware access, one can imagine the kind of access and system takeover that can happen when these vulnerabilities are exploited.

Solutions to Fix Vulnerable Windows Drivers

Since most of these problems need to be fixed by correcting the flaws, or shortcomings, in the device driver software, vendors must update their drivers and release new versions.

This has happened in 2 of the mentioned cases (Phoenix Technologies fixed the TdkLib64.sys driver and AMD fixed the PDFWKRNL.sys driver).

But there are also suggestions that Microsoft could make changes in how drivers are checked and loaded. The vulnerability list (HVCI) does not seem to be sufficient. It is suggested that preventing signed drivers with a revoked certificate from loading would already block a third of the 34 drivers.

From a user perspective, it is important to keep your drivers up-to-date. Apart from using Windows Update, we recommend you use a program like DriverFinder to check for updates regularly.

Microsoft Printer Support is Changing

In order to use a printer, like any device, in Windows, a printer driver is required. With Windows 10, Microsoft introduced a new concept for printer support using an integrated driver. This is called the Microsoft IPP Class driver, and it supports Mopria-compliant printers over a network (ethernet, Wi-Fi, Bluetooth) or USB connection.

Windows printer support

The idea is that printer manufacturers will no longer need to create, maintain, and provide their own printer drivers. Knowing Microsoft, there is always the possibility that an aspect of control on their end also plays a role.

All device experience customizations would need to be done through a print support app, which printer manufacturers should then develop instead of a driver. This is already the recommended way for Windows 11.

The motivation for this is stated as improved reliability and performance, which is never a bad thing, especially in the context of Microsoft Windows.

As a result of this change, or plan of changes, Microsoft will phase out their servicing of legacy Windows printer drivers (version 3 and version 4). Due to the nature of the impact, the changes will take place over a period of several years. Following the announcement this year, from 2025 onwards, no new printer drivers will be published to Windows Update. In 2026, printer driver update recommendations will start favoring the IPP driver, and in 2027 third-party printer driver updates will no longer be allowed.

Mopria

Even though printer manufacturers can submit drivers for certification through the Windows Hardware Compatibility Program, from 2025 onwards the drivers will not be available through Windows Update. In addition, the Mopria certification will be required. A direct benefit is that all printers will be supported on various devices.

One of the main questions resulting from this is whether existing or even new third-party printer drivers will still be allowed. And according to Microsoft, they will be. They must have realized that this is critical, as many people make use of printers for a long time.

Even if there is no direct printer support for a specific printer on a new Windows version, a virtual machine with an older version of Windows can offer a solution. But that is really a last resort since it is much simpler to use an (older) printer driver directly.

The Wi-Fi 7 standard

Wireless communication is so common nowadays that we don’t think about it anymore. Whether it is outside on our mobile phones, using it at home on our laptops and tablets, or using portable devices on Bluetooth, wireless communication is just always there. We expect it to be available and fast. To make that possible, development never stops. The newest development now? Wi-Fi 7.

What is Wi-Fi 7?

Wi-Fi 7 is, as you would expect, the successor of the previous Wi-Fi standard, Wi-Fi 6 (and Wi-Fi 6E). Wi-Fi 7 will be known as the 802.11be standard. It will use the 2.5, 5, and 6 GHz frequency bands, which is the same for the 6 and 6E versions. Nothing new there.

What is new in the Wi-Fi 7 standard is the use of a 320 MHz channel in the 6 GHz band. So, more bandwidth for data, which will benefit high-demand data streams. At the same time, Wi-Fi 7 will be backward compatible, so it can be used with all devices that only support older Wi-Fi standards.

The biggest improvement, I believe, is the change in the Multi-User, Multiple Input, Multiple Output (MU-MIMO) support. The number of channels is increased from 8 to 16. This, together with the addition of Multi-Link Operation (MLO), improves the data transfer and reduces the latency. MLO allows switching between bands, or even using them in parallel, for data transfer rather than relying on a single one.

What are the benefits?

With the wider frequency channels on the supported bands, together with the multi-link options, the main advantages of Wi-Fi 7 over the previous Wi-Fi versions are improved speed and reduced latency.

In theory, Wi-Fi 7 will enable transfer speeds up to 46 Gbps. Compared to the 9.6 Gbps of the Wi-Fi 6E standard, that is a significant increase. Intel expects a typical laptop to have a data transfer rate of up to 5.8 Gbps. Although the support of a 320 MHz channel contributes to this, the Multi-Link Operation (MLO) is the main reason for these improvements.

A secondary benefit of the new Wi-Fi 7 standard is the new feature called Restricted Wake Time, which will help your devices save battery. Devices will be in power save mode as much as possible since the awake time allows access points and routers to manage the network activity (Also see Target Wake Time – TWT).

The last new benefit of Wi-Fi 7 is that it will support more simultaneous connections. So if you plan to connect all devices in your home (or have a lot of parties with guests that use your Wi-Fi connection), the new standard will help ensure speed and latency are optimal.

When will Wi-Fi 7 be available?

Routers that support Wi-Fi 7 are expected to become available later in 2023, with all major manufacturers planning releases.

Qualcomm will have a Wi-Fi 7 chipset available that enables speeds up to 33 Gbps. Linksys is planning to use this chipset in their new routers, even though they have not announced any releases. TP-Link (Archer BE900), Netgear (Nighthawk RS-700), Asus (ROG Rapture GT-BE98), and MSI (RadiX BE22000 Turbo) have already announced new products with Wi-Fi 7 support.

Wi-Fi 7 Router

Do I need Wi-Fi 7?

Currently? Maybe not. In the future, more likely, yes. As is clear from the above, the benefits are speed, multi-device support, reduced latency, and more bandwidth. If you are an avid gamer, low latency is important. Other things that might be considered for upgrading are video streaming (with 8K becoming more common), or the internet of things (IoT) where we connect all our devices to the Internet (your fridge ordering your groceries for example).

As always with device upgrades, the need to upgrade will also depend on the current situation. If you plan to upgrade or replace an older router, waiting for the new Wi-Fi 7-enabled routers would be a good idea. If you don’t think you will need the advantages the Wi-Fi 7 standard offers, your ISP speed is low anyway, or the cost of a router is a consideration, getting a Wi-Fi 7-enabled router would not be recommended.

Do keep in mind that all your other wireless devices will also need support for Wi-Fi 7. The latest mobile phones and laptops might have it, but a lot of other wireless devices will currently not include support.

Windows Security through Driver Block Rules

Many computers are used for critical tasks or to process sensitive data. To protect a system, especially a portable system, that is running Windows, Microsoft has several security features in the latest Windows releases. Most people know about Microsoft Defender and biometric access, but in Windows 10 and Windows 11, there is also something called driver block rules.

Are Drivers Dangerous?

Device drivers are not dangerous per se. But device drivers, like many other critical components in the Windows operating system, run with kernel-level execution privileges. That means that even drivers that are not malicious can be used to gain elevated access.

Modern device drivers are all digitally signed, and often verified by Microsoft. And in the latest Windows versions, unsigned drivers are not allowed to be installed unless special steps are taken to disable driver signature enforcement.

But even with a digital signature, there is no guarantee that the driver is completely safe. The certificates used for signing can be stolen (through hacks of hardware/software companies, as happened to Nvidia recently).

Recent malware attacks have leveraged the vulnerabilities of drivers to compromise system security. It makes a lot of sense to increase the protection of these system components.

What are Driver Block Rules?

Driver block rules are a set of rules that are recommended by Microsoft to block drivers that are malicious or not trusted. Drivers can be submitted to Microsoft for review and analysis, and bad ones are added to the vulnerable driver blocklist. Hardware manufacturers and OEM partners will play a big role in keeping the rules current and relevant.

How to use Driver Block Rules?

Microsoft is including a setting in the Windows Defender configuration to turn on this new feature called Microsoft Vulnerable Driver Blocklist. That means turning it on will activate the protection.

Windows Driver Block Rules

This new feature will only be activated by default on special Windows editions: Windows 10 in S mode, and devices that have the Memory Code Integrity feature (or Hypervisor-Protected Code Integrity – HVCI).

For Windows systems where S mode or HVCI is not possible, there is another option, which is using a Windows Defender Application Control (WDAC) policy. Details about how to use WDAC and the list of rules can be found on the Microsoft website.

WDAC is all about preventing apps or processes from running at kernel level. Deploying the rules is something that will typically be done by organizations with IT staff to implement this.

Driver BlockList Limitations

Although the concept of the blocklist is good, the method strongly depends on the quality of the list. It was already found that the blocklist does not include all drivers that need to be blocked. Apparently new Windows versions were being issued a list from 2019! Microsoft already confirmed the issue and will address the problem in the Windows October updates to ensure the list is new and in sync across Windows 10 and Windows 11.

In addition, the block list is now on by default in Windows 11 (version 22H2). It also seems the option to disable the list is no longer present. Is Microsoft finally able to prevent the Blue Screens showing Stop errors caused by drivers?

For people still wanting to disable the list on Windows 11 version 22H2, there might be a workaround through the registry. But it is not an official and documented option.

Use the Registry Editor to find the following key:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Config]

And create a DWORD Value in it named VulnerableDriverBlocklistEnable with a data value of zero (0).
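Because this value switches off a security control, administrators may want to detect it on managed machines. The PowerShell check below is an added example, not part of the original article or any Microsoft tooling; the function name Get-DriverBlocklistOverride and the finding labels are hypothetical, while the key path and value name are the ones given above.

```powershell
# Added example: audit the registry override described in the article.
# Function name and finding labels are hypothetical; the key path and
# value name are the ones quoted above.
function Get-DriverBlocklistOverride {
    [CmdletBinding()]
    param(
        [string]$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config',
        [string]$ValueName = 'VulnerableDriverBlocklistEnable'
    )

    $report = [ordered]@{
        Computer  = $env:COMPUTERNAME
        KeyPath   = $KeyPath
        ValueName = $ValueName
        Kind      = $null
        Data      = $null
        Finding   = 'NotSet'      # no override value present
    }

    # Get-Item on the registry provider returns a Microsoft.Win32.RegistryKey.
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($null -ne $key -and ($key.GetValueNames() -contains $ValueName)) {
        $report.Kind = $key.GetValueKind($ValueName)
        $report.Data = $key.GetValue($ValueName)

        if ($report.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            $report.Finding = 'UnexpectedType'   # not the DWORD the article describes
        } elseif ($report.Data -eq 0) {
            $report.Finding = 'SetToZero'        # the disable workaround
        } else {
            $report.Finding = 'SetNonZero'
        }
    }
    [pscustomobject]$report
}

$state = Get-DriverBlocklistOverride
$state | Format-List
if ($state.Finding -in 'SetToZero', 'UnexpectedType') {
    Write-Warning "$($state.ValueName) needs review on $($state.Computer): $($state.Finding)"
}
```

The function only reads the registry, so it can be run from a standard inventory or compliance job and its output collected centrally.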

News: Microsoft Restricts Windows 7 Driver Updates

Last week, on June 17, 2021, Microsoft stopped accepting driver submissions for Windows Update for Windows 7 SP1 (and Windows Server 2008). As a result, there will be no more new Windows 7 drivers released through Microsoft Windows Update for your Windows 7 laptop or PC.

Of course, Microsoft already discontinued support for Windows 7 last year, in January 2020. So now the driver updates have also stopped.

The main reason for this step is security. Microsoft was using a Secure Hash Algorithm (SHA-1) trusted root certificate to allow signed drivers to be submitted for Windows Update. The SHA-1 algorithm, however, has become less secure and has been superseded by SHA-2. Microsoft has expired the SHA-1 trusted root certificate authority and will only allow SHA-2 signed drivers into Windows Update.

The switch from SHA-1 to SHA-2 was effective from May 9, 2021. All SHA-1 signed content is removed from the Microsoft Download Center.

Windows 7 Driver Updates

What is the Impact on You?

If you have a Windows 7 PC, you will no longer receive driver updates via Windows Update.

It also means that if you reinstall a fresh copy of Windows 7, you might not be able to get all the necessary drivers you need automatically.

Manufacturers can still submit drivers for Windows 7 and Windows 2008 through the Windows Hardware Compatibility Program for now, but these will only be available to customers that use Volume Licensing and participate in the Extended Security Program.

Manually locating and manually installing drivers in Windows 7 remains possible though.

[More details on this Microsoft change can be found here.]

Windows 7 Driver Update Alternative

If manually searching, downloading, and installing drivers is not your thing… you can always use DriverFinder to help you.

The DriverFinder database contains ‘legacy drivers’.

Legacy drivers are drivers that are ‘older’ than the latest Windows OS version. Since we’re now on Windows 10, Windows 7 drivers can be considered legacy drivers.

By the way, drivers in the DriverFinder database are sourced DIRECTLY from hardware manufacturers, so rest assured that the right Windows 7 driver update is recommended.

Here’s how you can still have Windows 7 driver updates via DriverFinder (no manual searching!).

  1. Download the DriverFinder program.
  2. Get a license and activate the program.
  3. Run a Driver Scan.
  4. Download the Windows 7 driver recommendations from the scan results.
    Download Synaptics Touchpad driver using DriverFinder
  5. Run the driver installer(s) provided to install the driver.
