Windows 10 update sparks driver compatibility fears
Over-zealous verification checks designed to tighten security may block some older drivers
A cumulative Windows 10 update released as part of this week’s Patch Tuesday round of fixes may be causing incompatibility issues with certain versions of legitimate drivers.
The change Microsoft has implemented, as part of the update tagged KB4579311, aims to tighten up the verification standard in Windows 10 for driver software. This has been rolled out to minimise the chances of malware exploiting vulnerable or out-of-date drivers, and fully compromising systems.
Windows 10 will prevent users from applying driver updates if the operating system cannot verify the software publisher, displaying two error messages when this happens. Users will first be informed that Windows 10 cannot verify the driver software, and secondly that no signature was present in the subject. These errors suggest that Windows did not recognise the formatted catalogue file in the driver validation, Microsoft has disclosed, and that installation therefore won’t be successful.
While this measure has been introduced to prevent potentially vulnerable drivers from being installed on machines, and therefore heightening the risk of exploitation by malware, the tighter standards could hit legitimate software. Older versions of existing drivers, for example, may not pass the new checks.
Should users encounter these errors when attempting to update their drivers to legitimate software that cannot be verified, Microsoft has recommended that they contact the driver manufacturer. The only way around the glitch is for the device manufacturer to re-upload the driver, or provide a more up-to-date version of the software, in which the catalogue file is formatted correctly.
Microsoft released up to 87 security fixes as part of its routine Patch Tuesday updates yesterday, including fixes for 11 critical vulnerabilities. Among these was a ‘wormable’ remote code execution flaw affecting the TCP/IP component of Windows 10 and Windows Server 2019, rated 9.8 on the CVSS scale.
-
AI is shrinking attack windows, and it’s forcing a complete rethink of cyber resilience – here’s how organizations can prepareNews Commvault has urged companies to improve their business continuity and resilience plans in the face of flaws spotted by AI
-
Anthropic targets vulnerability detection gains with Claude Security public beta — here's what users can expectNews The Claude Mythos developer is aiming for a more limited approach to cyber tooling for public consumption
-
Researchers warn millions of RDP and VNC servers are wide open to exploitationNews Researchers at Forescout spotted millions of RDP and VNC servers exposed online
-
Brace yourselves for a vulnerability explosion, Forescout warnsNews AI advances are helping identify software flaws at record pace and scale, but that's not the good news some would think
-
Ubuntu vulnerability exposes enterprises to root escalation, complete system compromiseNews The high-severity Ubuntu vulnerability allows an unprivileged local attacker to escalate privileges through the interaction of two standard system components
-
Security agencies issue warning over critical Cisco Catalyst SD-WAN vulnerabilityNews Threat actors have been exploiting the vulnerability to achieve root access since 2023
-
Millions of developers could be impacted by flaws in Visual Studio Code extensions – here's what you need to know and how to protect yourselfNews The VS Code vulnerabilities highlight broader IDE security risks, said OX Security
-
CVEs are set to top 50,000 this year, marking a record high – here’s how CISOs and security teams can prepare for a looming onslaughtNews While the CVE figures might be daunting, they won't all be relevant to your organization
