Next Windows 10/11 Patch Tuesday fixes Microsoft's botched vulnerable driver blocklist
Microsoft has released a new non-security preview of November’s Patch Tuesday update for Windows 10 and Windows 11 22H2. It brings improvements to the taskbar, Microsoft Account, and Task Manager, as well as a fix for a serious Microsoft blunder that left a hole in the Windows 10 vulnerable driver blocklist.
The preview is a non-security update that is available for Windows 10 and Windows 11 22H2. It contains all the changes in the upcoming November Patch Tuesday, except security patches.
However, this preview also includes Microsoft’s answer to a serious security-related error that the company made with its Windows kernel vulnerable driver blocklist – an optional security hardening capability introduced in Windows 10, version 1809 that’s on by default in Windows 11 22H2.
Also: Why can’t I get Windows 11 22H2 yet?
As ArsTechnica reported earlier this month, researchers recently discovered that Microsoft was failing to update the vulnerable driver blocklist with new instances of attacks that used correctly signed but vulnerable third-party drivers (for things like printers, motherboards and other hardware). Sophisticated attackers like vulnerable drivers because they’re properly signed by vendors and have privileged access to the Windows kernel.
Microsoft first tackled this signed-but-vulnerable driver attack in its SecureCore PCs released in 2020 in response to a rise in state-sponsored and criminal attacks using vulnerabilities in drivers. In 2021, Microsoft said it had identified 50 vendors that had released many ‘wormhole’ drivers amenable to this type of attack.
Secured-Core PCs shipped with Hypervisor-Protected Code Integrity (HVCI) on by default to block these drivers from loading, but HVCI had to be enabled for Windows 10, version 1809 and later for the vulnerable driver blocklist to be enabled. In Windows 11 22H2, the blocklist is enabled by default on all devices, not just Secured-Core ones.
In October, Will Dormann, a well-known vulnerability analyst, flagged that a newly added driver on the blocklist was loading on his HVCI-enabled system. Because of this, he doubted the veracity of Microsoft’s claims in its documentation for the feature.
Microsoft has now explained that the failed updates to the blocklist were down to it only updating for “full Windows OS releases”, although it’s not clear if this means previously installed Windows versus fresh installs, or just that older versions of Windows were stuck on a blocklist that couldn’t be updated.
“This October 2022 preview release addresses an issue that only updates the blocklist for full Windows OS releases. When you install this release, the blocklist on older OS versions will be the same as the blocklist on Windows 11, version 21H2 and later,” Microsoft states in a support page detailing “the vulnerable driver blocklist after the October 2022 preview release.”
Microsoft had told Ars Technica that it was in fact regularly updating the vulnerable driver list, but that there was “a gap in synchronization across OS versions.”
So, the October 2022 preview release is the promised fix, which should be released broadly in the November 2022 Patch Tuesday through Windows Update.
Microsoft’s release notes for the October Windows 11 22H2 preview update states: “It updates the Windows kernel vulnerable driver blocklist that is in the DriverSiPolicy.p7b file. This update also ensures that the blocklist is the same across Windows 10 and Windows 11. For more information, see KB5020779.”
Otherwise, this update changes the look of the taskbar in a way that should improve discoverability, although this is only available to a small audience at the moment. Microsoft doesn’t say what the visual changes are, but points to its search box in the taskbar.
Also, in coming weeks, all users will be able to right-click the taskbar to reveal Task Manager in the context menu.
Microsoft is adding a new consent form for users enrolled in Windows Hello Face and Fingerprint. “You have new choices for your biometric data,” Microsoft notes in the Message center entry for this update.
For a refresh on Microsoft’s monthly quality updates, this one is the ‘C’ release that includes non-security changes and improvements and is released ahead of the following month’s Patch Tuesday update (the ‘B’ release).
Also: The 10 best Windows laptops: Top notebooks, 2-in-1s, and ultraportables
This update also employs visual changes designed to enhance the backup experience when using a Microsoft Account. And users will be able to manage OneDrive subscriptions and related storage alerts through the Settings app when signed in with a Microsoft Account.
For enterprise users, there are several fixes coming for Microsoft Edge IE mode, the feature Microsoft offers for legacy business apps that rely on IE. It resolves an issue where Edge IE mode wouldn’t open web pages when Windows Defender Application Guard (WDAG) is enabled but Network Isolation policies have not been configured.