
Microsoft dropping outdated drivers over security fears


Microsoft is dropping support for a number of hardware drivers over concerns about security and compatibility.

Described by the Redmond, Washington-based company as a “cleanup,” the move serves as a warning to hardware vendors and system administrators to modernize their systems with newer drivers and firmware.

“The rationale behind this initiative is to ensure that we have the optimal set of drivers on Windows Update that cater to a variety of hardware devices across the windows ecosystem, while making sure that Microsoft Windows security posture is not compromised,” Microsoft said.

“This initiative involves periodic cleanup of drivers from Windows Update, thereby resulting in some drivers not being offered to any systems in the ecosystem.”

In practice, this means that Microsoft will phase out support for hardware drivers that have already been superseded by newer versions in Windows Update. Drivers that lose support will no longer receive security and stability updates through Microsoft.

Administrators will be prompted via Windows Update to download and install the newer drivers, which receive support updates and patches.

Rather than outright retiring appliances that have become obsolete, administrators will have the option to install the newer driver versions and continue using the appliance with official support.

“After the expiry, Microsoft will publish a blog post mentioning the end of the first cut of driver expiry,” Microsoft explained.

“After that, there will be a 6-month window for partners to get back with concerns (if any). If no action is taken, the drivers will be permanently removed from Windows Update.”

Because administrators and system owners rarely treat drivers as a priority for security updates, drivers can become low-hanging fruit for threat actors, particularly as they age and are forgotten. Microsoft said it is looking to remedy this by clearing older drivers out of its support lifecycle and focusing on newer versions that are more widely in use.

Microsoft noted that hardware vendors will still have the option to update drivers and lobby Microsoft to reinstate any of the cancelled versions, though vendors will need to make a “business case” for why a driver should be reinstated for continued support.

Redmond said that the move is part of a larger initiative to get on top of its management of driver updates and ensure that support for the latest updates and patches is maintained on devices.

“This is meant to be a regular exercise to optimize what windows update has to offer. We are beginning with the above-mentioned category of drivers but will expand to cover more categories of drivers that Microsoft deems fit to be expired from windows update,” the company said.

“Each time such a cleanup occurs, Microsoft will communicate broadly so that partners know what to expect.”

Shaun Nichols

A career IT news journalist, Shaun has spent 17 years covering the industry with a specialty in the cybersecurity field.
