Windows 10 will start blocking drivers if it can’t verify software publisher

October 14, 2020 By iwano@_84 Off

With yesterday’s Patch Tuesday security update, Microsoft has flagged a change in the way Windows verifies driver software that could spur a rise in driver errors for Windows 10 users. 

Microsoft details the two driver-related error messages users of all supported versions of Windows 10 and Windows Server might see after installing the October Patch Tuesday security update. 

The errors will happen if Windows can’t verify the publisher of the driver software or if the driver lacks a signature. 

SEE: Windows 10 Start menu hacks (TechRepublic Premium)

“When installing a third-party driver, you might receive the error, “Windows can’t verify the publisher of this driver software”. You might also see the error, “No signature was present in the subject” when attempting to view the signature properties using Windows Explorer,” Microsoft explains under known issues with this update for Windows 10 version 2004. 

According to Microsoft, the error occurs when an improperly formatted catalog file is identified during validation by Windows when checking DER format encoded Public-Key Cryptography Standards (PKCS) #7 content. 

“Starting with this release, Windows will require the validity of DER encoded PKCS#7 content in catalog files. Catalogs files must be signed per section 11.6 of describing DER-encoding for SET OF members in X.690,” Microsoft notes. 

Microsoft lists the issue under known issues and resolved issues on the Windows 10 update health dashboard for each affected version of Windows 10. 

If Windows 10 users do see these driver error messages, Microsoft recommends users to contact the driver vendor or device manufacturer (OEM) and ask them for an updated driver to correct the issue.   

Microsoft has been working to shore up Windows 10 security against malicious drivers but these efforts have focused on its Secured-core PCs for business, such as the Surface Pro X.

SEE: Cheat sheet: Windows 10 PowerToys (free PDF) (TechRepublic)

Microsoft’s October Patch Tuesday update patched 87 vulnerabilities, including a dangerous remote code execution flaw in the Windows TCP/IP stack, tracked as CVE-2020-16898.

The bug has a severity rating of 9.8 out of a possible 10 and can allow attackers to take over Windows systems by sending malicious ICMPv6 Router Advertisement packets to an unpatched computer via a network connection. Microsoft considers it likely exploits will emerge for this flaw. 

Source Article