Microsoft: Windows will prevent installation of unverified drivers

The new rules would result in “Windows can't verify the publisher of this driver software” errors for some users

Windows will prevent installation of unverified drivers The new change can cause "Windows can’t verify the publisher of this driver software" or "No signature was present in the subject" errors

With the new Patch Tuesday release on October 13, Microsoft released several updates to Windows operating systems. The patch did not only fix 87 software vulnerabilities (21 of which were critical)^[1] but also introduced new changes to the way drivers are verified within the operating system environment. To be precise, Windows will now check the publisher of the driver to ensure its integrity.

As a result, those users who attempt to download and install new drivers for their hardware might face one of the following errors “Windows can’t verify the publisher of this driver software” or “No signature was present in the subject.” Microsoft explained why the issue why such errors might occur under the “Known issues” section of the Windows 10 version 2004 release notes:^[2]

This issue occurs when an improperly formatted catalog file is identified during validation by Windows. Starting with this release, Windows will require the validity of DER encoded PKCS#7 content in catalog files. Catalogs files must be signed per section 11.6 of describing DER-encoding for SET OF members in X.690.

As evident, sudden errors might come as a surprise for users who attempt to download drivers from insecure sources. Software verification is an important process to protect users and their operating systems from unexpected errors and security issues.

Microsoft attempts to reduce Kernel malware infection rates

To function properly, drivers have to gain access to kernel – the very top of the authentication chain within every Windows computer. Kernel, which resides in the part of the memory, controls everything on the system and is the first component to boot once the power button is pressed. It then sends the commands to other parts of the computer, including hardware and software interaction, software requests, and more.

Kernel malware,^[3] otherwise known as a rootkit, is one of the most dangerous and devastating forms of malicious software. Once the kernel is infected, it completely overrides the controls of normal computer functions, as it runs with the highest level of permissions on the system. Due to this, most security applications run at lower permission levels, resulting in inability to easily find and delete it. While kernel malware removal is not impossible, it is a very complicated procedure, and most users would not even be aware that it is running in the background.

Rootkits are typically installed on the system during the installation of drivers which have been tampered with. Therefore, by checking the signature properties of the file, Windows can prevent the installation of kernel malware. And while there is no guarantee that threat actors would not find ways to bypass this process, the signature check adds an extra layer of protection.

It is not the first time Microsoft components were used to spread malware. OneNote, one of the most used note-taking applications, is also abused by crooks to spread malicious software via the files attached to email spam. This is quite a bit different from the common Word or Excel formats that crooks typically use.

Windows updates and drivers have a long and complicated history

Drivers^[4] are one of the integral parts of any Windows operating system, as they ensure that all the hardware and software components work well. In other words, you would not be able to use your printer or a graphics card without drivers. Unfortunately, since there are so many manufacturers of hardware that are compiled into a single machine, driver problems are not uncommon.

It is not a secret that Windows updates caused numerous problems^[5] to users once the Patch Tuesday hits. However, it is less likely to be related to the operating system itself, but rather drivers. To avoid problems and pass the new Windows driver verification process, we recommend using DriverFix – the app can download and install all the required drivers automatically from a secure and verified database. This means that, instead of wandering around various manufacturer's websites and finding drivers designed for your particular hardware, you could ensure driver integrity with just a few clicks.

About the author

Jake Doe - Computer technology geek

Jake Doe is the news editor at UGetFix. Since he met Ugnius Kiguolis in 2003, they both launched several projects that spread awareness about cybercrimes, malware, and other computer-related problems.

Contact Jake Doe
About the company Esolutions

References

^ Catalin Cimpanu. Microsoft October 2020 Patch Tuesday fixes 87 vulnerabilities. ZDNet. Breaking news, analysis, and research.
^ October 13, 2020—KB4579311 (OS Build 19041.572). Microsoft. Support.
^ Engin Kirda. Detecting and Analyzing Kernel-Based Malware. SecurityIntelligence. IBM threat intelligence.
^ What is a driver?. Microsoft. Docs.
^ Henry T. Casey. Windows 10 update is breaking apps — again!. Tom's guide. Tech Product Reviews, Top Picks and How To.