Microsoft has detailed its next step in eliminating uninitialized memory issues, this time targeting the uninitialized kernel pool memory used by developers who build hardware drivers for Windows.
These uninitialized memory vulnerabilities represent as many as one in 10 of all Microsoft CVEs in recent years, according to Joe Bialek, a security engineer in the Microsoft Security Response Center (MSRC).
“Uninitialized kernel pool vulnerabilities account for a little under half of all uninitialized memory issues that were reported to Microsoft between 2017 and the middle of 2018,” notes Bialek.
Bialek last month detailed Microsoft’s InitAll project to address uninitialized memory vulnerabilities. InitAll is enabled for kernel-mode code, Hyper-V code, and networking-related user-mode services in Windows 10 version 1903 and newer.
It’s part of Microsoft’s larger effort to kill off memory-related bugs, which have made up about 70% of all patches Microsoft shipped over the past decade, in part because