Microsoft Blocks Untrusted Kernel Drivers in Windows Update

Severity: Medium (Score: 51.9)

Sources: Cybersecuritynews, Theregister

Summary

Microsoft is set to enhance Windows security by blocking kernel drivers signed by the deprecated cross-signed root program starting with the April 2026 update. This change affects Windows 11 and Windows Server 2025, where only drivers certified through the Windows Hardware Compatibility Program (WHCP) will be trusted. The decision aims to mitigate risks associated with legacy drivers that have not undergone recent security evaluations. While the policy will initially operate in 'evaluation mode' to assess compatibility issues, it signals a shift towards stricter security measures in the Windows ecosystem. Administrators can still allow custom drivers through specific policies, but this is intended for internal use rather than legacy support. Microsoft emphasizes the need for a balance between security and compatibility, acknowledging potential impacts on users reliant on older drivers. The change will apply to various Windows versions, including 24H2, 25H2, and 26H1. Key Points: • Microsoft will block untrusted kernel drivers starting April 2026. • Only drivers certified through the WHCP will be allowed by default. • The policy will initially run in evaluation mode to monitor compatibility.

Key Entities

• Windows 11 (platform)
• Windows Server 2025 (platform)