Windows Defender Blocks WinRing0 Driver on OEM Devices

Starting on March 11, Windows Defender began to block (quarantine) the free WinRing0 driver. The driver is used to access, from user space, various hardware for which the system offers no other API.

The WinRing0 driver is widely used in projects that control hardware settings, both free (OpenRGB, Libre Hardware Monitor, FanControl) and proprietary (SignalRGB, Razer Synapse 3). The programs that use the driver include official software from dozens of hardware manufacturers, popular ones among them. The driver was signed independently by its author (the developer of CrystalDiskMark) and accepted by Microsoft.

The concern behind Microsoft's block is that any program can access the driver once it is installed on the system, and through the driver that program can manipulate any device in the system or elevate its privileges (CVE-2020-14979).

In response to the block, many companies had to take action. For example, SignalRGB switched its program to its own proprietary replacement, while SteelSeries completely disabled the output of system indicators to the built-in screens of its devices.

A fix has since been released for WinRing0 that restricts use of the driver to programs launched with administrator rights. However, obtaining a signature for the new build is proving difficult because of changes in Microsoft's driver policies.

The Chinese company HYTE, which develops the HYTE NEXUS monitoring software and also uses this driver, has encountered the bureaucratic procedure and announced that it will release a signed build for free use. Even if Microsoft accepts the updated driver, many programs for hardware settings management and monitoring will need to be launched with administrator rights or be adapted to work with the modified driver.
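
To see which machines and applications are affected by the block, the following PowerShell script (an added example, not taken from the article or from any vendor) lists kernel-driver services whose name or image path mentions WinRing0, together with the signer and SHA-256 of the file. The `*winring0*` name pattern and the `Resolve-DriverPath` helper are assumptions made for this example; a vendor may ship the driver under a different file name.

```powershell
# Added example: inventory kernel-driver services that look like WinRing0.
# Assumption: the driver is recognizable by "WinRing0" in its service name
# or image path; a renamed copy will not be matched by this pattern.
$pattern = '*winring0*'

function Resolve-DriverPath {
    param([string]$PathName)
    # Driver image paths may be stored as \??\C:\..., \SystemRoot\... or
    # System32\...; normalize them to an ordinary Win32 path.
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    if ($p.StartsWith('\??\')) { $p = $p.Substring(4) }
    if ($p -match '^\\SystemRoot\\') {
        $p = Join-Path $env:SystemRoot $p.Substring(12)
    } elseif ($p -match '^System32\\') {
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.Name -like $pattern -or $_.PathName -like $pattern } |
    ForEach-Object {
        $path   = Resolve-DriverPath $_.PathName
        $onDisk = $path -and (Test-Path -LiteralPath $path)
        # The signature and hash show whether this is the old signed build
        # or a different one, and the path shows which application ships it.
        $sig = if ($onDisk) { Get-AuthenticodeSignature -LiteralPath $path }
        [pscustomobject]@{
            Service   = $_.Name
            State     = $_.State
            StartMode = $_.StartMode
            Path      = $path
            SigStatus = if ($sig) { $sig.Status }
            Signer    = if ($sig -and $sig.SignerCertificate) {
                            $sig.SignerCertificate.Subject
                        }
            SHA256    = if ($onDisk) {
                            (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                        }
        }
    } | Format-List
```

If an application registers the driver only while it is running, run the script while that application is open; the `Path` field then points to the software that installed it.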
