
Microsoft is now enforcing its rule banning unsigned Windows 10 kernel mode drivers

Microsoft announced last week that starting with Windows 10, version 1607, the operating system will refuse to load any new kernel mode drivers that are not signed by the Windows Hardware Developer Center Dashboard portal, or Dev Portal. To be clear, new installations of this version of Windows 10 will enforce the new driver signing rule, whereas older versions of Windows 10 upgrading to 1607 will not be affected by the change.

Microsoft actually made changes to the driver signing rule with the launch of Windows 10 back in July 2015. The company said from that point on, all new Windows 10 kernel mode drivers must be submitted to and digitally signed by the Dev Portal. If they were not, Windows 10 reportedly wouldn’t load those new kernel drivers.


However, as the company pointed out last week, the new driver signing change wasn’t really enforced up until now due to “technical and ecosystem readiness issues.” Thus, the change remained as a mere policy statement and wasn’t enforced by the Windows Code Integrity component of Windows 10, which validates the integrity of a driver or system file.


For developers, Microsoft described two steps that must take place to push new drivers to Windows 10. First, they must submit the drivers to Microsoft via the Dev Portal. Next, they need to begin the process of getting an Extended Validation (EV) Code Signing Certificate. All drivers submitted to the Dev Portal must have this EV certification no matter what operating system version the developer plans to support with their driver package.

Additionally, developers wanting to get a driver that’s signed for all versions of Windows between Vista and Windows 10 must run the HLK tests for Windows 10, and the HCK tests for Windows 8.1 and earlier. After that, developers can use the Windows 10 HLK to merge the two test logs and submit those results to Microsoft along with the driver in question.

As for existing drivers, developers are not required to have them re-signed for Windows 10 1607 and newer. “To ensure backwards compatibility, drivers which are properly signed by a valid cross-signing certificate issued prior to July 29th, 2015, will continue to pass signing checks on Windows 10, version 1607,” Microsoft states.

So what does all of this mean for the end user? A more secure environment. Thanks to this enforced rule, Windows 10 will prevent users from unknowingly installing malicious driver software that could in turn load malicious apps or programs, give a hacker remote control, and open a doorway to sensitive files and data, like passwords and bank account information.

According to Microsoft, the new driver signing change also reduces the risk of lost or stolen driver signing keys from the publisher. The change even ensures that driver publishers are “strongly authenticated,” thus fortifying the secure foundation of Windows 10 as a whole.

Kevin Parrish
Former Digital Trends Contributor