[36933]

Does it have to be installed though? Can’t you just load the driver, if it’s signed and not on the driver block list now on 22H2?

[fazfq]

You have to be a local administrator to load a driver.

[wongarsu]

Even a "local admin to Ring0 without reboot"-exploit might have some uses in malware.

[fazfq]

But that already exists. There are thousands of signed drivers; many around are bound to be exploitable. But it's not Windows' fault that you installed one.

The truth of the matter is that if you are local admin you can already ruin the system in many ways. Once you are admin the game is already over.

[Rygian]

Imagine you're my clueless family relative and you end up installing one of those signed-yet-exploitable drivers.

Whose fault is it?

[fazfq]

If I operate machinery or any kind of device that I'm clueless about and I screw up it definitely is my fault, yes.