Vulnerability Description
Checks if the system allows the installation of unsigned drivers.
id: windows-unsigned-drivers-allowed

info:
  name: Installation of Unsigned Drivers Allowed
  author: princechaddha
  severity: high
  description: Checks if the system allows the installation of unsigned drivers.
  impact: |
    Allowing unsigned drivers increases the risk of malware or poorly constructed drivers being installed.
  remediation: |
    Only allow the installation of signed drivers.
  tags: windows,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Driver Signing').Policy

    matchers:
      - type: word
        words:
          - "0"
# digest: 4a0a0047304502205c34de5dd6d8c0762ca2828e0fc7163e8090d96c0c6e1f6237bd9a6513ee44a4022100d5553746eb9dd3112ba30b44714e63db07f5560c4f18eb9e7194d3a270f8e37b:922c64590222798bb761d5b6d8e72950