It’s a sequence of problems that lead to this:
- The kernel driver should have parsed the update, or at a minimum it should have validated a signature, before trying to load it.
- There should not have been a mechanism to bypass Microsoft’s certification.
- Microsoft should never have certified and signed a kernel driver that loads code without any kind of signature verification, probably not at all.
Many people say Microsoft are not at fault here, but I believe they share the blame; they are responsible when they actually certify the kernel drivers that get shipped to customers.
I’m so surprised to read a Microsoft article written by a former member of the European Parliament from the Pirate Party, even more so as the president of the lobbying arm of Microsoft.
I was interested in knowing what the duties of the software providers are under the regulation, more than how they don’t apply to hobbyists; I keep searching for other articles that explain it.