Microsoft Blocks Legacy Drivers in Windows 11 With New Kernel Security Policy



Microsoft is rolling out a major security upgrade for Windows 11 by tightening how kernel-level drivers are trusted and loaded. The change targets outdated signing methods that have remained in the system for decades, aiming to reduce attack surfaces and improve platform stability.

Legacy Driver Trust Model Phased Out

The company will no longer allow legacy cross-signed root drivers by default across:

  • Windows 11 versions 24H2, 25H2, and 26H1
  • Windows Server 2025
  • Future Windows client and server releases

This legacy trust model dates back to the early 2000s and was officially retired in 2021. However, some drivers signed with expired certificates have continued to function, creating potential security risks.

WHCP Becomes the New Standard

Starting in April 2026, Windows will only accept drivers signed through the Windows Hardware Compatibility Program (WHCP) by default. This ensures that all kernel drivers meet modern security and compatibility standards before being allowed to run.

Microsoft will maintain a compatibility allow list for trusted legacy drivers, allowing older but verified drivers to continue working without disruption.

Gradual Rollout With Evaluation Mode

The rollout will begin in evaluation mode. During this phase:

  • The system monitors driver behavior across reboots and usage
  • Enforcement remains inactive initially
  • Microsoft gathers telemetry before enabling strict enforcement

This approach allows Microsoft to identify potential compatibility issues while minimizing disruptions for users and organizations.

Enterprise Flexibility With WDAC

Organizations that rely on custom or internal drivers can override the new policies using Application Control for Business, previously known as Windows Defender Application Control (WDAC). This ensures enterprise environments retain flexibility while adopting the new security model.
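To find the drivers on a machine that may depend on the legacy trust model, an administrator can triage installed kernel drivers by signature publisher. The following is an added example, not tooling from Microsoft or from this article. It assumes that WHCP-signed binaries carry the signer name "Microsoft Windows Hardware Compatibility Publisher"; the function name `Get-DriverSignerReport` is hypothetical.

```powershell
# Added example: triage installed kernel drivers by the publisher on their signature.
# Assumption: WHCP-signed binaries carry this signer common name.
$WhcpSigner = 'CN=Microsoft Windows Hardware Compatibility Publisher'

function Get-DriverSignerReport {   # hypothetical helper name
    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        if (-not $_.PathName) { return }

        # Normalise the image path: drop quotes, the NT "\??\" prefix,
        # and expand a leading "\SystemRoot\".
        $path = $_.PathName.Trim('"') -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { return }

        # Reads the embedded or catalog signature that PowerShell reports.
        $sig     = Get-AuthenticodeSignature -LiteralPath $path
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        if ($sig.Status -ne 'Valid') {
            $bucket = 'NoValidSignature'
        }
        elseif ($subject.StartsWith($WhcpSigner)) {
            $bucket = 'WHCP'
        }
        elseif ($subject -like 'CN=Microsoft *') {
            $bucket = 'OtherMicrosoft'      # e.g. in-box Windows components
        }
        else {
            $bucket = 'Review'              # third-party publisher on the signature
        }

        [pscustomobject]@{
            Driver = $_.Name
            State  = $_.State
            Bucket = $bucket
            Signer = $subject
            Path   = $path
        }
    }
}

# Show only the drivers that need a closer look.
Get-DriverSignerReport |
    Where-Object Bucket -in 'Review', 'NoValidSignature' |
    Sort-Object Bucket, Driver |
    Format-Table -AutoSize -Wrap
```

The "Review" bucket is a triage list, not a prediction of what Windows will block: `Get-AuthenticodeSignature` reports a single signature per file, and the script does not consult Microsoft's compatibility allow list.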

Microsoft says the policy is based on telemetry collected from billions of devices. The company will continue refining enforcement based on real-world feedback to balance security with compatibility.

Broader Windows 11 Changes Ahead

Alongside this security shift, Microsoft is also working on broader Windows 11 improvements. Reports suggest upcoming updates may deliver significant performance gains, similar to the unfinished Project 20/20 initiative.

The company is also exploring changes to reduce unnecessary Copilot integrations and expand Taskbar customization options, signaling a broader effort to improve usability alongside security.

Via Neowin
