driver
Microsoft blames unexpected Windows driver updates on caching issue
On Wednesday, Microsoft fixed an issue that caused some Windows devices to install driver updates without notice despite policies configured to prevent auto-updates. In an admin center incident report (MO1332784), Microsoft blamed the issue on a misconfiguration in the Windows Update caching service that temporarily dropped device enrollment information, causing some Windows devices to be treated […]
Microsoft plans to improve Windows 11 driver quality in 2026
Microsoft plans to raise the quality bar of Windows 11 drivers, as drivers “sit at the heart of every Windows experience” and connect the OS to the “silicon, components, and peripherals.” Before Microsoft shipped Windows 11, it frequently hosted WinHEC (Windows Hardware Engineering Conference), where Microsoft’s developers and OEM partners met to work on quality. […]
Microsoft to automatically roll back faulty Windows drivers
Microsoft is introducing a new capability that will allow it to remotely roll back problematic Windows drivers delivered through Windows Update. Called Cloud-Initiated Driver Recovery, the new feature will remove the need for hardware partners or end users to manually fix driver issues once drivers have been distributed to devices. The recovery process is entirely […]
Microsoft fixes Windows Autopatch bug installing restricted drivers
Microsoft has fixed a Windows Autopatch bug that caused driver updates restricted by administrative policies to be deployed on some Autopatch-managed Windows devices in the European Union. According to a service alert first spotted by Microsoft MVP Susan Bradley, the issue affected only a limited number of devices running client Windows platforms (i.e., Windows 11 […]
EDR killer tool uses signed kernel driver from forensic software
Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in attempts to deactivate them. An EDR killer is a malicious tool created specifically to bypass or disable endpoint detection and response (EDR) tools, along with other security solutions. They typically use vulnerable drivers to unhook […]
Chinese state hackers use rootkit to hide ToneShell malware activity
A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations. The backdoor has been attributed to the Mustang Panda group, also known as HoneyMyte or Bronze President, which usually targets government agencies, NGOs, think tanks, and other high-profile organizations worldwide. Security researchers at Kaspersky […]
Microsoft to remove legacy drivers from Windows Update for security boost
Microsoft has announced plans to periodically remove legacy drivers from the Windows Update catalog to mitigate security and compatibility risks. “The rationale behind this initiative is to ensure that we have the optimal set of drivers on Windows Update that cater to a variety of hardware devices across the windows ecosystem, while making sure that […]
ASUS Armoury Crate bug lets attackers get Windows admin privileges
A high-severity vulnerability in ASUS Armoury Crate software could allow threat actors to escalate their privileges to SYSTEM level on Windows machines. The security issue is tracked as CVE-2025-3464 and received a severity score of 8.8 out of 10. It could be exploited to bypass authorization and affects the AsIO3.sys driver of the Armoury Crate system management software. Armoury […]
Microsoft delays WSUS driver sync deprecation indefinitely
Microsoft announced today that, based on customer feedback, it will indefinitely delay removing driver synchronization in Windows Server Update Services (WSUS). “Seeing how many of you are already moving to the available cloud-based driver services, we initially proposed the removal of WSUS driver synchronization. Thanks to your feedback, especially on disconnected device scenarios, we’ve now […]
Windows 11 24H2 blocked on PCs with code-obfuscation driver BSODs
Microsoft has introduced a new Windows 11 24H2 safeguard hold for systems running security or enterprise software using SenseShield Technology’s sprotect.sys driver. This upgrade block will prevent users from upgrading to the latest Windows 11 version because the driver can crash and trigger blue or black screen of death (BSOD) errors, and it impacts systems with any sprotect.sys […]