Microsoft has introduced the Vulnerable and Malicious Driver Reporting Center to make it easier for Windows users to share drivers they believe the company's security team should investigate.
"Increasingly, adversaries are leveraging legitimate drivers in the ecosystem and their security vulnerabilities to run malware," Microsoft says. "Multiple malware attacks, including RobinHood, Uroburos, Derusbi, GrayFish, and Sauron, have leveraged driver vulnerabilities."
Attackers target vulnerable drivers "to gain kernel privileges, modify kernel signing policies, and load their malicious unsigned driver into the kernel," Microsoft says, and malicious drivers can disable security tools so "ransomware, spyware, and other types of malware can be executed."
That makes identifying these drivers important, which is why the company set up the Vulnerable and Malicious Driver Reporting Center. Anyone can use the utility to submit a driver, explain their concerns about it, and share additional details such as what product the driver is used for.
"The Reporting Center backend automatically analyzes the potentially vulnerable or malicious driver binary and identifies dangerous behaviors and security vulnerabilities," Microsoft says, as long as they're written for Windows running on CPUs based on the x86 and x64 architectures.
The company says its Vulnerable Driver team will investigate submissions the automated tool flags as vulnerable or malicious. Confirmed issues will then make their way through Microsoft's various security teams, services, and products to mitigate the risks to Windows users.