Microsoft revokes trust for cross-signed legacy driver program in major security update
The change, announced on March 27 and reported by multiple tech outlets including The Register and Osnews, is described as a significant step forward in securing Windows. The fix blocks the long-retired "cross-signed" driver mechanism, which previously allowed outdated kernel drivers to bypass strict hardware compatibility checks without user consent or explicit approval from Microsoft's Hardware Compatibility Program (HCP). Removing trust for these cross-signing programs, which had been exploited since at least 2019 and led to credential abuse on legacy devices, closes that path.
Key Points
- Microsoft will remove system-wide security 'trust' starting in April, affecting all cross-signed driver programs.
- This change targets kernel drivers that have not been vetted through the Windows Hardware Compatibility Program (WHCP).
- The update aims to address a long-standing vulnerability by enforcing stricter signature validation rules.
Developments
Microsoft is removing default trust for kernel driver signatures issued under all cross-signed root programs to improve system reliability, while maintaining an explicit allow list of vetted WHCP-certified drivers on supported systems such as Windows 11 and Windows Server, starting in April 2026. The update enforces a stricter trust policy in which only Microsoft-owned certificates will authorize the loading of kernel driver code by default across future versions of these operating system releases.
Microsoft is blocking legacy kernel drivers signed by a deprecated cross-signed root program that was used to facilitate credential theft since the early 2000s. Starting in April with an evaluation-mode rollout in Windows and Windows Server updates, and continuing through late summer of next year, the change aims to close security vulnerabilities while allowing overrides or exceptions for trusted older applications before full enforcement begins later.
Microsoft is removing default trust for all kernel drivers signed by its discontinued cross-signed root program in Windows updates starting April 2026 (on versions including Windows 11 24H2 and Windows Server 2025). Only a limited allow list of reputable WHCP-compliant drivers, or cross-signed drivers that have been explicitly trusted, will be loaded automatically.
Starting in April 2026, Windows 11 will cease trusting drivers signed via deprecated cross-signed root programs by default, requiring certification through Microsoft's official Hardware Compatibility Program. The security update, informed by two years of telemetry data and developer feedback, aims to prevent malicious code from being loaded into the kernel; it initially operates in an evaluation mode that audits all driver loads before restrictions are enforced fully across devices in April 2026.
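Before the evaluation mode described above turns into enforcement, an administrator will want an inventory of which kernel drivers on a host carry a WHCP signature and which are signed some other way. The script below is an added example written for this page; it is not Microsoft's tooling and is not taken from any of the cited coverage. It assumes the host runs PowerShell 5.1 or later with administrative rights, and it assumes (from general knowledge of the WHCP signing chain, not from the article) that WHCP-attested drivers carry a signer subject containing "Microsoft Windows Hardware Compatibility Publisher". The `Category` column is a constructed triage label, not a Microsoft classification.

```powershell
# Added example (not from the article): inventory kernel-mode drivers registered
# with the Service Control Manager and classify each by its Authenticode signer,
# so drivers that are not WHCP-attested can be reviewed before trust is removed.
# Assumption: WHCP-signed drivers carry the subject string below (general
# knowledge, not stated on the page). Run in an elevated PowerShell session.

function Get-DriverSignatureReport {
    [CmdletBinding()]
    param(
        # Substring expected in the signer subject of WHCP-attested drivers (assumption).
        [string]$WhcpSubjectPattern = 'Microsoft Windows Hardware Compatibility Publisher'
    )

    # Win32_SystemDriver enumerates kernel-mode drivers known to the SCM, running or not.
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName }

    foreach ($d in $drivers) {
        # PathName may be quoted or carry \??\, \SystemRoot\ or bare System32\ prefixes;
        # normalise it to a filesystem path before looking at the file.
        $path = $d.PathName -replace '^"|"$', ''
        $path = $path -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        $path = $path -replace '^System32\\', "$env:SystemRoot\System32\"

        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{
                Name = $d.Name; State = $d.State; Path = $path
                Status = 'FileNotFound'; Signer = $null; Category = 'Review'
            }
            continue
        }

        # Get-AuthenticodeSignature validates embedded and (on Windows 8+) catalog signatures.
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

        # Constructed triage buckets: WHCP, other Microsoft-owned signer, third party, or invalid.
        $category = if ($sig.Status -ne 'Valid')                     { 'Unsigned/Invalid' }
                    elseif ($signer -like "*$WhcpSubjectPattern*")   { 'WHCP' }
                    elseif ($signer -like '*Microsoft*')              { 'Microsoft (non-WHCP)' }
                    else                                              { 'ThirdParty-Review' }

        [pscustomobject]@{
            Name = $d.Name; State = $d.State; Path = $path
            Status = $sig.Status; Signer = $signer; Category = $category
        }
    }
}

# Usage: show everything that is not WHCP-attested, so it can be checked against
# the vendor's update plans before the trust change is enforced.
Get-DriverSignatureReport |
    Where-Object { $_.Category -ne 'WHCP' } |
    Sort-Object State, Name |
    Format-Table Name, State, Category, Status, Signer -AutoSize
```

Inbox drivers that ship with Windows are signed by Microsoft's own publisher certificates rather than the WHCP publisher, so they land in the "Microsoft (non-WHCP)" bucket and are not a concern under the policy described above; the rows worth chasing are "ThirdParty-Review" entries whose state is Running, and any "Unsigned/Invalid" result, which usually indicates a catalog that the host cannot verify and should be confirmed with `signtool verify /v /kp` from the Windows SDK before any conclusion is drawn.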