[German]I’ll pull it out separately, because the topic will still occupy us. With the October 2020 updates, Microsoft has introduced a change in Windows 8.1 and Windows 10 as well as the server pedants. Third-party drivers will be blocked if they do not have a correct format with signature in the catalog files. Here is some information on this topic.
Third party drivers may be blocked
Microsoft introduced the change incidentally and hid within the support articles for the security updates of October 13, 2020. In the support articles a ‘known bug’ is listed (see also Patchday: Windows 10 Updates (October 13, 2020)). There Microsoft says:
When installing a third-party driver, users may receive the error message “Windows cannot verify the publisher of this driver software”.
The driver is then blocked from installation. If the user tries to view the signature properties of the driver files using Windows Explorer (right click, Properties), the error message “There was no signature in subject” may also be displayed.
Updated driver catalog file requirements
Microsoft states the reason for this driver blockage and the signature error in the support articles of the affected updates as follows:
This issue occurs when Windows validation detects an incorrectly formatted catalog file.
Beginning with the installation of the October 13, 2020 security updates, Windows will require the validity of DER-encoded PKCS#7 content in catalog files. Catalog files must be signed according to Section 11.6 of the description of DER encoding for SET OF members in X.690. Microsoft has published this entry in the Windows 10 status page. This affects the following Windows versions:
- Client: Windows 10, Version 2004; Windows 10, Version 1909; Windows 10, Version 1903; Windows 10, Version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, Version 1803; Windows 10, Version 1709; Windows 10 Enterprise LTSC 2016; Windows 10, Version 1607; Windows 10 Enterprise 2015 LTSB; Windows 8.1
- Server: Windows Server, Version 2004; Windows Server, Version 1909; Windows Server, Version 1903; Windows Server, Version 1809; Windows Server 2019; Windows Server, Version 1803; Windows Server, Version 1709; Windows Server 2016; Windows Server 2012 R2
If the driver is blocked, users should contact the driver vendor or device manufacturer (OEM) and ask them for an updated driver to fix the problem, Microsoft advises. Because there is often no support for older drivers there, this suggestion is a way to ‘nowhere’. Windows is a huge hardware exterminator, rendering still working devices as electronic waste, because drivers can no longer be installed.
This will affect some manufacturers. A prominent victim is HP, whose Sure Click solution on the Bromium Security Platform stopped working after installing the October 2020 security updates (see HP Business Notebooks: Trouble with Sure Click/Bromium and Windows 10 October 2020 Updates).