Various problems caused by drivers have emerged in an endless stream for a long time. Whether it is the driver of the hardware manufacturer or the driver of the software developer, the system may crash due to various problems. A typical example is the global blue screen incident caused by the CrowdStrike driver in July 2024.
In view of such incidents, Microsoft is developing new driver standards and plans to eliminate OEM kernel permissions in the future, which means that OEMs and software developers can no longer inject driver code into the kernel, so that driver crashes will not crash the entire operating system.
Microsoft's idea is that all future signed drivers will have to meet higher security and reliability standards and pass multiple new certification tests, so that significantly less code will run in kernel mode in the coming years, including drivers that handle networking, cameras, USB, printers, and storage devices.
Change kernel permissions to API:
Windows is currently developing expanded built-in drivers and API interfaces that allow OEMs and software developers to replace custom or proprietary kernel-level drivers with standardized Windows drivers, which will help stabilize the operating system and reduce overall system bloat.
OEMs and software developers need to replace custom kernel-level drivers with standardized drivers, or migrate the operating logic to user mode instead of kernel mode, and separate the operating permissions of the driver and kernel while ensuring that the driver can work.
However, Microsoft also made it clear that Windows will continue to support third-party kernel mode drivers and will not restrict partners from innovating in areas where Windows does not have built-in standardized drivers. For example, graphics drivers for graphics cards can continue to run in kernel mode.
Microsoft said:
For drivers that use kernel mode, we are adding some practical safeguards to improve quality and contain failures before they turn into system crashes, including new mandatory compiler safety measures to constrain driver behavior, driver isolation to limit the scope of impact, and DMA remapping to prevent drivers from accidentally accessing kernel memory.
Finally, judging from the current news, Microsoft will most likely not restrict anti-cheating kernel-level drivers. In the past few years, there have been security holes or system problems caused by injecting anti-cheating modules into the kernel of games. However, as long as Microsoft has not developed a standard anti-cheating driver, game developers can continue to run anti-cheating drivers with kernel permissions.