Bleeping Computer

New Windows Driver Signature bypass allows kernel rootkit installs

Attackers can downgrade Windows kernel components to bypass security features such as Driver Signature Enforcement and deploy rootkits on fully patched systems. This is possible by taking control of ...
InfoWorld

Programming the Windows kernel with eBPF

Much of modern operating system functionality happens in and around the kernel. That’s a problem when you’re implementing monitoring and observability tools or adding low-level security tools because ...
Bleeping Computer

Microsoft fixes Windows vulnerable driver blocklist sync issue

Microsoft says it addressed an issue preventing the Windows kernel vulnerable driver blocklist from being synced to systems running older Windows versions. This blocklist (stored in the DriverSiPolicy ...
Dark Reading

Hackers Exploit Policy Loophole in Windows Kernel Drivers

Hackers are using open source tools to exploit a Windows policy loophole for kernel mode drivers to load malicious and unverified drivers with expired certificates, researchers have found. The ...
CSOonline

Attackers exploit decade‑old Windows driver flaw to shut down modern EDR defenses

Attackers abused a signed but long-revoked EnCase Windows kernel driver in a BYOVD attack to terminate all security tools. In a recent incident, attackers abused a legitimate but vulnerable Windows ...