A cumulative Windows 10 update released as part of this week’s Patch Tuesday round of fixes may be causing incompatibility issues with certain versions of legitimate drivers.
The change Microsoft has implemented, as part of the update tagged KB4579311, aims to tighten up the verification standard in Windows 10 for driver software. This has been rolled out to minimise the chances of malware exploiting vulnerable or out-of-date drivers, and fully compromising systems.
Windows 10 will prevent users from applying driver updates if the operating system cannot verify the software publisher, displaying two error messages when this happens. Users will first be informed that Windows 10 cannot verify the driver software, and secondly that no signature was present in the subject. These errors suggest that Windows did not recognise the formatted catalogue file in the driver validation, Microsoft has disclosed, and that installation therefore won’t be successful.
While this measure has been introduced to prevent potentially vulnerable drivers from being installed on machines, and therefore heightening the risk of exploitation by malware, the tighter standards could hit legitimate software. Older versions of existing drivers, for example, may not pass the new checks.
Should users encounter these errors when attempting to update their drivers to legitimate software that cannot be verified, Microsoft has recommended that they contact the driver manufacturer. The only way around the glitch is for the device manufacturer to re-upload the driver, or provide a more up-to-date version of the software, in which the catalogue file is formatted correctly.
Microsoft released up to 87 security fixes as part of its routine Patch Tuesday updates yesterday, including fixes for 11 critical vulnerabilities. Among these was a ‘wormable’ remote code execution flaw affecting the TCP/IP component of Windows 10 and Windows Server 2019, rated 9.8 on the CVSS scale.
