kernel drivers
About this tag
Kernel drivers are a critical component of Windows security and stability, as they operate with the highest system privileges. Discussions on WindowsForum.com cover recent Microsoft changes to kernel driver trust, including the April 2026 update that ends default trust for legacy cross-signed drivers, shifting toward the Windows Hardware Compatibility Program to combat BYOVD attacks. Several threads address elevation-of-privilege vulnerabilities in kernel drivers such as the WinSock AFD driver (CVE-2026-26168, CVE-2026-21241), the UDFS driver (CVE-2026-23672), the Cloud Files Mini Filter Driver (CVE-2026-20940), and the CLFS driver (CVE-2026-20820). These vulnerabilities allow local attackers to escalate to SYSTEM, making patching a priority for enterprises. The tag also touches on ReactOS and its efforts to support Windows kernel drivers.
CVE-2026-26168 is the kind of Windows kernel-adjacent issue that immediately demands attention, even when public details are sparse. Microsoft identifies it as a Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability, which places it in a category that historically...
Microsoft is preparing one of the most consequential Windows kernel trust changes in years, and it lands at the intersection of security hardening, enterprise compatibility, and Microsoft’s broader effort to make Windows 11 feel more reliable. The company plans to stop loading kernel drivers...
app control for business
application control for business
driver signing
enterprise it
enterprise it management
kernel code integrity
kernel driver security
kernel driver signing
kernel driver trust
kerneldrivers
wdac
wdac app control
whcp
whcp driver signing
whcp signing
windows 11
windows kernel security
windows security
Microsoft is about to do something that sounds small on paper but could reshape a corner of Windows security that has lingered far too long in a grey zone. Beginning with the April 2026 Windows security update, the company will stop trusting legacy cross-signed kernel drivers by default and move...
Microsoft shipped an urgent fix on Patch Tuesday for a newly catalogued elevation-of-privilege flaw in the Windows Universal Disk Format File System Driver (UDFS), tracked as CVE-2026-23672, closing a local attack path that could let low‑privilege users escalate to SYSTEM on affected machines...
Microsoft’s public advisory entry for CVE-2026-21241 records a new elevation-of-privilege issue tied to the Windows Ancillary Function Driver for WinSock (AFD, afd.sys), but technical detail in the advisory is intentionally sparse; defenders must therefore treat the vendor’s update mapping as...
ReactOS reached a quiet but meaningful milestone on January 22, 2026: three decades since the project’s first commit, a long-running community effort to rebuild the Windows NT architecture as a free, open-source operating system capable of running Windows applications and drivers natively. That...
Microsoft’s Security Update Guide lists CVE-2026-20940 as an elevation-of-privilege (EoP) vulnerability in the Windows Cloud Files Mini Filter Driver, and defenders should treat any new Cloud Files mini-filter entry as a high-priority patch-and-hunt item until proven otherwise. Background /...
Microsoft has recorded CVE-2026-20820 — a heap‑based buffer overflow in the Windows Common Log File System driver (clfs.sys) that Microsoft classifies as an elevation of privilege vulnerability; an authorized local attacker able to run code as a standard user or manipulate CLFS‑read inputs can...
If you've ever fought Windows' inconsistent mouse acceleration, Raw Accel may finally give you the control you've been missing — a signed, kernel-mode replacement for Windows’ built‑in acceleration that lets you define precisely when, how, and by how much your cursor speeds up.
Background...
Keeper Security’s new Forcefield lands as a direct countermeasure to one of the fastest-growing attack vectors on Windows endpoints: memory-based credential theft and in-memory “infostealer” malware that scrapes browsers, extensions and running apps for secrets.
Background
Memory-based attacks...
Microsoft has quietly applied — and then started to unwind — a targeted compatibility block that prevented many Windows 11 PCs from receiving the 24H2 feature update because of a third‑party kernel driver, sprotect.sys, supplied by SenseShield Technology; the issue exposed how a single vendor...
Microsoft has recorded CVE-2025-55336 — an information-disclosure vulnerability in the Windows Cloud Files Mini Filter Driver (cldflt.sys) that permits an authorized local actor to read sensitive data from affected hosts; the issue is assigned a CVSS v3.1 base score of 5.5 (Medium) and Microsoft...
Microsoft’s latest push to make Windows on Arm not just possible but practical has given Redmond a concrete, timed reason for users and IT teams to move off Windows 10: the combination of Windows 10’s scheduled end of support and major Windows 11 on Arm improvements (notably the Prism emulator...
anti-cheat arm
arm pcs
arm64
avx-avx2-fma
battery-life-arm
computer peripherals
copilot
enterprise migration
esu-end-of-support
gaming on arm
kerneldrivers
on-device ai
pilot testing
premiere-pro-arm
prism emulator
snapdragon
windows 10 end of support
windows on arm
x86
Valve has quietly but meaningfully reshaped the Steam client with a sweeping UI and accessibility refresh that brings long-requested controls — UI scaling, high-contrast mode, reduced motion, and a dedicated customization tab for game artwork — to the desktop and SteamOS users, and the result is...
Note: below is a long-form, technically focused feature article about CVE-2025-53804. I drew on Microsoft’s official entry for this CVE and on Microsoft documentation and guidance about kernel-mode drivers and driver blocklists to explain the risk, likely exploitation paths, detection and...
Check Point Research has uncovered an active, in-the-wild campaign by the group tracked as Silver Fox that weaponizes a Microsoft-signed—but functionally vulnerable—kernel driver (amsdk.sys / WatchDog Antimalware) to terminate protected security processes and deliver the ValleyRAT backdoor...
The August cumulative for Windows 11 — identified as KB5063878 (OS Build 26100.4946) — has been linked by multiple independent testers and tech outlets to a reproducible storage regression that can make some NVMe SSDs disappear mid-write and, in a subset of reports, leave files or partitions...
Microsoft’s August Windows 11 patch cycle has produced two very different but equally alarming headlines this week: an emergency mitigation for enterprise update delivery failures, and community reports that the same cumulative update may be triggering storage devices to become unreadable or...
0x80240069
august 2025
backup
data loss
dram-less
enterprise it
installation issues
kb5063878
kerneldrivers
mecm
nvme
phison
release health
sccm
servicing stack
ssd failure
storage issues
vendor advisories
windows 11
wsus
Epic Games’ Easy Anti‑Cheat (EAC) is finally landing on ARM platforms — a technical and ecosystem milestone that removes one of the largest obstacles keeping multiplayer PC games off Snapdragon‑powered Copilot+ laptops and Linux ARM devices. The company shipped updated Epic Online Services (EOS)...
anti-cheat
anti-cheat vendors
arm
arm64
auto sr
driver signing
eos sdk
epic online services
fortnite arm
game development
gaming on arm
gaming portability
kerneldrivers
linux
prism
proton
snapdragon
steam deck
windows on arm
windows security
Microsoft is rolling out a targeted update that begins to change how the Xbox PC app behaves on Arm®-based Windows 11 devices, and for the first time Microsoft is letting Insiders download and run more PC titles locally on ARM hardware rather than relying solely on cloud streaming. This shift —...
anti-cheat
anti-cheat compatibility
arm devices
arm native apps
arm64
auto sr
battleye
cloud gaming
compatibility-list
directx
drm
dx11
emulation
game catalog
game compatibility
game pass
gaming
gaming on arm
handheld gaming
hybrid cloud
insider preview
insider program
kerneldrivers
local games
local installation
microsoft development
pc gaming preview
prism emulator
snapdragon
storefronts
windows 11
windows insider
windows on arm
works-on-woa
xbox
xbox app
xbox insiders
xbox-pc cohesion