Given the rise in malicious and buggy drivers risking system security, Microsoft has developed an inclusive platform to help secure the kernel. Dubbed as “Vulnerable and Malicious Driver Reporting Center,” this single online form facilitates reporting of troublesome drivers to Microsoft for analysis.
Microsoft Vulnerable And Malicious Driver Reporting Center
As Microsoft elaborated in a recent blog post, malicious and vulnerable drivers pose a significant security threat. Cybercriminals frequently run vulnerable driver attack campaigns to exploit security bugs in otherwise legit drivers from reliable OEMs. It allows the adversaries to execute massive attacks that remain difficult to spot and remedy. Such exploitations also allow spyware, ransomware, and other attacks.
Therefore, Microsoft now gears up to prevent kernel-level damages via this route by allowing the public to report such drivers. The tech giant has launched “Vulnerable and Malicious Driver Reporting Center” – an integrated platform for analyzing suspicious drivers. Of late, there’ve been new versions of Ransomware. For that, you need to understand what is killware, and what severe harm it can cause to individuals. This is why tech-majors like Microsoft have geared up accordingly to face this threat and reduce the vulnerability.
Microsoft has designed it as an easy-to-use online form where anyone can report a driver for analysis. It merely requires putting up the driver binary (less than 50MB), a reason for the suspected issue, and the users’ email address to contact. After submission, the Reporting Center will analyze the file for potential vulnerabilities that Microsoft lists as,
-Drivers with the ability to map arbitrary kernel, physical, or device memory to user mode.
-Drivers with the ability to read or write arbitrary kernel, physical, or device memory, including Port I/O and central processing unit (CPU) registers from user mode.
-Drivers that provide access to storage that bypass Windows access control.
Upon detecting malicious or vulnerable behavior, the Reporting Center will flag the driver for Microsoft’s team.
But the job doesn’t end there. Microsoft will also block vulnerable drivers in “the entire ecosystem” via a “vulnerable driver ASR rule.”
While it’s a helpful reporting system to highlight dangerous drivers, Microsoft currently doesn’t offer bug bounties for it. As stated,
This program is currently not eligible for the Microsoft Security Response Center’s Bug Bounty program.
Let us know your thoughts in the comments.