kernel drivers

Microsoft is preparing one of the most consequential Windows kernel trust changes in years, and it lands at the intersection of security hardening, enterprise compatibility, and Microsoft’s broader effort to make Windows 11 feel more reliable. The company plans to stop loading kernel drivers...

Microsoft is about to do something that sounds small on paper but could reshape a corner of Windows security that has lingered far too long in a grey zone. Beginning with the April 2026 Windows security update, the company will stop trusting legacy cross-signed kernel drivers by default and move...

Microsoft’s public advisory entry for CVE-2026-21241 records a new elevation-of-privilege issue tied to the Windows Ancillary Function Driver for WinSock (AFD, afd.sys), but technical detail in the advisory is intentionally sparse; defenders must therefore treat the vendor’s update mapping as...

ReactOS reached a quiet but meaningful milestone on January 22, 2026: three decades since the project’s first commit, a long-running community effort to rebuild the Windows NT architecture as a free, open-source operating system capable of running Windows applications and drivers natively. That...

If you've ever fought Windows' inconsistent mouse acceleration, Raw Accel may finally give you the control you've been missing — a signed, kernel-mode replacement for Windows’ built‑in acceleration that lets you define precisely when, how, and by how much your cursor speeds up. Background...

Keeper Security’s new Forcefield lands as a direct countermeasure to one of the fastest-growing attack vectors on Windows endpoints: memory-based credential theft and in-memory “infostealer” malware that scrapes browsers, extensions and running apps for secrets. Background Memory-based attacks...

Microsoft has quietly applied — and then started to unwind — a targeted compatibility block that prevented many Windows 11 PCs from receiving the 24H2 feature update because of a third‑party kernel driver, sprotect.sys, supplied by SenseShield Technology; the issue exposed how a single vendor...

Microsoft has recorded CVE-2025-55336 — an information-disclosure vulnerability in the Windows Cloud Files Mini Filter Driver (cldflt.sys) that permits an authorized local actor to read sensitive data from affected hosts; the issue is assigned a CVSS v3.1 base score of 5.5 (Medium) and Microsoft...

Microsoft’s latest push to make Windows on Arm not just possible but practical has given Redmond a concrete, timed reason for users and IT teams to move off Windows 10: the combination of Windows 10’s scheduled end of support and major Windows 11 on Arm improvements (notably the Prism emulator...

Valve has quietly but meaningfully reshaped the Steam client with a sweeping UI and accessibility refresh that brings long-requested controls — UI scaling, high-contrast mode, reduced motion, and a dedicated customization tab for game artwork — to the desktop and SteamOS users, and the result is...

Note: below is a long-form, technically focused feature article about CVE-2025-53804. I drew on Microsoft’s official entry for this CVE and on Microsoft documentation and guidance about kernel-mode drivers and driver blocklists to explain the risk, likely exploitation paths, detection and...

Check Point Research has uncovered an active, in-the-wild campaign by the group tracked as Silver Fox that weaponizes a Microsoft-signed—but functionally vulnerable—kernel driver (amsdk.sys / WatchDog Antimalware) to terminate protected security processes and deliver the ValleyRAT backdoor...

The August cumulative for Windows 11 — identified as KB5063878 (OS Build 26100.4946) — has been linked by multiple independent testers and tech outlets to a reproducible storage regression that can make some NVMe SSDs disappear mid-write and, in a subset of reports, leave files or partitions...

Microsoft’s August Windows 11 patch cycle has produced two very different but equally alarming headlines this week: an emergency mitigation for enterprise update delivery failures, and community reports that the same cumulative update may be triggering storage devices to become unreadable or...

Epic Games’ Easy Anti‑Cheat (EAC) is finally landing on ARM platforms — a technical and ecosystem milestone that removes one of the largest obstacles keeping multiplayer PC games off Snapdragon‑powered Copilot+ laptops and Linux ARM devices. The company shipped updated Epic Online Services (EOS)...

Microsoft is rolling out a targeted update that begins to change how the Xbox PC app behaves on Arm®-based Windows 11 devices, and for the first time Microsoft is letting Insiders download and run more PC titles locally on ARM hardware rather than relying solely on cloud streaming. This shift —...

Epic’s Easy Anti-Cheat (EAC) has finally been made compatible with Windows on Arm, removing a major technical barrier that has kept many multiplayer PC games—including Fortnite—off Qualcomm-powered Copilot+ laptops and other Snapdragon X Series machines; Epic delivered the compatibility through...

Epic Games has started closing a long-standing gap for Arm-based Windows gaming by making its Easy Anti-Cheat (EAC) system compatible with Windows 11 on Arm devices powered by Qualcomm’s Snapdragon X family — a change that paves the way for Fortnite and other EAC-protected multiplayer titles to...

Microsoft’s advisory confirms that a null pointer dereference in the Windows Ancillary Function Driver for WinSock (AFD.sys) can be triggered by a locally authorized attacker to elevate privileges to SYSTEM, creating a high-impact local elevation-of-privilege (EoP) risk for affected Windows...

A use‑after‑free vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys), tracked as CVE-2025-53137, can be abused by an authorized local user to escalate privileges to SYSTEM on affected Windows hosts — a high‑impact kernel vulnerability that follows a string of similar AFD...