* Posts by Phil NZ

19 publicly visible posts • joined 20 Aug 2010

How fiends abuse an out-of-date Microsoft Windows driver to infect victims

Phil NZ

That is true, and inexcusable. However, it was resolved 6 months ago. So the point still stands: enable the vulnerable driver blocklist in Windows 10, and the Vulnerable Driver ASR rule.

https://support.microsoft.com/en-gb/topic/kb5020779-the-vulnerable-driver-blocklist-after-the-october-2022-preview-release-3fcbe13a-6013-4118-b584-fcfbc6a09936

Phil NZ

Anyone running Windows Defender AV can enable one of the Attack Surface Reduction rules to do just this.

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-abuse-of-exploited-vulnerable-signed-drivers

No MDE licence necessary. This one blocks attempts to write known-vulnerable drivers to disk.

Additionally, the Vulnerable Driver Blocklist has been available since Windows 10 1809 and is enabled by default in Windows 11 22H2.

This one blocks vulnerable drivers from being loaded by Windows even if they’re already installed.

Stops BYOVD attacks, at least for known-vulnerable drivers.

I know there’s been a lot of whinging on Reg about the hardware requirements for Windows 11. Well, most of those strict requirements are for the hardware security features that allow for robust HVCI, which in turn allows for these controls.

As another vendor promises 3 years of Android updates, we ask: How long should mobile devices receive support?

Phil NZ

Re: I would rather NOT have support

My work laptop, Surface Book 2, vanilla Windows 10, AAD joined (no Group Policy or legacy login script crud) took about 3 minutes non-invasive update plus 30 seconds reboot for the (early adopter) 20H2 to 21H1 update the other day.

I’d agree, sounds like you have a poorly managed build and overly intrusive systems management/patching. That’s an IT problem and not a device/OS/patching problem.

Privacy campaigner flags concerns about Microsoft's creepy Productivity Score

Phil NZ

Dump thought

Unless it measures how much time I spend thinking through work problems when I’m taking a dump, and how that thinking saved me 3 meetings, 4 emails and a dozen tag mentions then it’s worse than useless.

China now blocking ESNI-enabled TLS 1.3 connections, say Great-Firewall-watchers

Phil NZ

How do you know what cert CN/subject alternate name to forge when SNI is encrypted? How do you get your client to not break the connection if they don’t trust your root cert?

I hope TLS 1.3 is very widely adopted very quickly.

Linus Torvalds banishes masters, slaves and blacklists from the Linux kernel, starting now

Phil NZ

Re: Proudly ignorant

This is not Orwellian but a pragmatic measure taken by a private (non-state) group as a significant gesture recognising terms like “master” and “slave” as offensive.

It’s your right to think it’s an overreaction, it’s also the right of the rest of us to embrace this as a positive step and mute your whining arses.

Here's a headline we never thought we'd write 20 years ago: Microsoft readies antivirus for Linux, Android

Phil NZ

Re: Small correction

Its EDR capability is probably more useful in many Linux server scenarios. You can run in EDR only mode.

Microsoft attempts to up its Teams game with new features while locked-down folk flock to rival Zoom... warts and all

Phil NZ

Re: Microsoft calls this

Haha yes, nice name for what everyone else would describe as “moved a button to make it a bit more obvious how to start an instant meeting”.

Phil NZ

Zoom said they used end to end encryption, Microsoft didn’t (because how do you do end to end in a 100+ person meeting without killing user experience??)

That’s why it’s an issue. Don’t mislead about a fundamental feature. If Microsoft had made this claim about Teams we would be roasting them right now.

Female-free speaker list causes PHP show to collapse when diversity-oriented devs jump ship

Phil NZ

Sounds like a pseudo-scientific argument to me.

Phil NZ

"when the vast majority of coders is male (and always will be)"

Wait, why "and always will be"?

Azure Stack's debut ends the easy ride for AWS, VMware and hyperconverged boxen

Phil NZ

Black-box mould then?

Phil NZ

Re: New?

It wasn't a value judgement, simply a comment that Azure Stack ain't a new paradigm. More comprehensive, yes. Better, subjective. New, certainly not.

Phil NZ

New?

"Azure Stack gives us a new way to cloud by bringing cloud services into your very own bit barn"

Not wanting to rain on this lovely parade but wtf is OpenStack then and why am I using it right now?

Cool as this announcement is they even pinched the bloody name!

BlackBerry snips Alcatel label off a midrange biz 'Droid, sells it for $299

Phil NZ

I'd buy a droid from Blackberry. If the camera doesn't suck. I ended up on an iPhone because the 5c camera was faster and better than equivalent priced droids. Nexus 4 cameras were slooooow, the 5s I checked out not much better. Software problem I think but such a fundamental thing to have wrong in a smartphone.

Cops cuff armed white supremacist in banana costume

Phil NZ

Classy

Because nothing screams racial superiority like banana costumes and indecent exposure.