Microsoft has begun an initiative to periodically remove legacy drivers from the Windows Update catalog, with the aim of improving the security and compatibility of the Windows ecosystem. The move is intended to ensure that users are offered the optimal set of drivers for a wide array of hardware devices.
Rationale Behind the Initiative
The company articulated that the primary goal of this initiative is to bolster the security posture of Microsoft Windows while maintaining compatibility across various hardware configurations. “The rationale behind this initiative is to ensure that we have the optimal set of drivers on Windows Update that cater to a variety of hardware devices across the Windows ecosystem,” Microsoft stated.
As part of this effort, Microsoft will initiate a systematic cleanup of drivers from Windows Update, which means that some drivers may no longer be offered to systems within the ecosystem. The first phase of this cleanup will focus on drivers that already have newer replacements published on Windows Update.
Understanding the Cleanup Process
The cleanup works by expiring drivers, which severs their association with an audience in Windows Update. Consequently, Windows Update will no longer offer these drivers to any Windows system. Microsoft carries out the removal by deleting the expired driver’s audience assignments within the Hardware Development Center.
Initially, the focus will be on legacy drivers, with plans to broaden the scope to include additional categories that may pose security risks. However, partners will still have the opportunity to republish drivers that have been removed by Microsoft, provided they can present a valid business rationale.
A Proactive Approach to Security
Microsoft emphasized that this proactive measure aims to enhance security and improve the overall quality of drivers available to Windows users. “Moving forward, expect this cleanup to be a routine practice, and prepare for the introduction of new publishing guidelines that will help all Windows users keep their systems in a secure and reliable state,” the company added.
In conjunction with this announcement, Microsoft also revealed changes to pre-production driver signing, prompted by the impending expiration of certificate authorities (CAs) in July, as well as the retirement of Windows Metadata and Internet Services (WMIS) and device metadata. Furthermore, earlier this week, the company introduced new security defaults for Windows 365 Cloud PCs and updated security protocols for all Microsoft 365 tenants to restrict access to SharePoint, OneDrive, and Office files via legacy authentication methods.