Program:Win32/VulnInsydeDriver.A Detected by windows Defender

I ran a custom scan just a few hours ago on my C: (performance SSD) and ended up with nothing except "Program:Win32/VulnInsydeDriver.A" being found. This laptop is only about 4 weeks old, (I did get it from Metabox, so it's custom assembly), and I'm confused why there's a threat on it. I'm guessing its just Windows worrying about exploitable software but I'm not really sure what to do with it so I came here. Any help is appreciated, thanks.

You are basically correct, since as the following information from Microsoft's Threat encyclopedia shows, it's a detection for a vulnerable driver that could allow modification of your PC BIOS by malware.

Program:Win32/VulnInsydeDriver.A threat description - Microsoft Security Intelligence

"Windows Defender Antivirus detects and blocks a vulnerable system driver (segwindrv.sys on 32-bit systems, segwindrvx64.sys on 64-bit systems) used by BIOS tools developed by Insyde Software."

"If you need to perform a BIOS update, download the latest BIOS tool from your PC manufacturer's support website. For more details, refer to Insyde's security announcement."

Threat behavior

A vulnerability exists in older versions of a kernel mode driver (version or earlier) included in Insyde Software’s BIOS tool. 

The driver creates a virtual note and loads the kernel driver at runtime to gain access to system resources for flashing BIOS. The driver could allow applications with user privileges to read and write with kernel privileges. Attackers can abuse this driver to perform elevation of privilege attacks and access resources like RAM, MSR, IO, etc.


10 people found this reply helpful


Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.


Question Info

Last updated May 10, 2021 Views 3,733 Applies to: