Microsoft to Certify Old Kernel Drivers in Windows 11 and Windows Server
Microsoft has announced that it will now certify old kernel drivers in Windows 11 and Windows Server. Only drivers meeting the new security standards will continue to function starting from April.
Microsoft stated in a blog post that it will monitor the support of kernel drivers in Windows more strictly. Starting from the April 2026 update, kernel drivers signed by outdated software will need to obtain their certification again. According to Microsoft, the old certificates no longer provide sufficient guarantees for security and driver compatibility.
From now on, only drivers meeting the strict requirements of the Windows Hardware Compatibility Program (WHCP) will be allowed to load by default. However, Microsoft will maintain a limited list of “trusted” drivers to avoid compatibility issues. This change applies to supported versions of Windows 11 and Windows Server 2025, and will also be enforced for all future versions.
The new policy ensures that only WHCP-certified drivers access the kernel, significantly reducing the attack surface. Microsoft emphasizes that drivers are a critical element of the Windows ecosystem, and their integrity is essential for a secure working environment. Older drivers pose an invisible security risk.
Evaluation Mode
Each driver will have a fair chance to prove itself. Microsoft plans an evaluation phase in April to prevent compatibility issues. During this phase, the system will monitor and audit all driver loads to determine if the new policy can be safely activated.
A certificate will only be granted if strict criteria are met, such as a minimum of 100 hours of operation and three restarts for Windows 11. For Windows Server, a minimum of two restarts is required. Drivers not meeting the new standards will be blocked. If unreliable drivers are detected during the evaluation, the evaluation period will be reset, and the policy will remain in evaluation mode.
For organizations dependent on specific drivers that are not WHCP-certified, Microsoft offers a solution through Application Control for Business. This policy allows companies to authorize unreliable drivers themselves, provided they are signed by an authorized key in the Secure Boot environment. This approach maintains security without sacrificing compatibility.
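To find out which drivers on a machine would need such an exception or a vendor update, an administrator can inventory installed kernel drivers by signer. The script below is an added example, not code from Microsoft or from the original article. It assumes that WHCP-certified drivers carry the leaf signer name "Microsoft Windows Hardware Compatibility Publisher" and that in-box drivers are signed as "Microsoft Windows"; it is an inventory heuristic, not the check Windows itself performs, and the `Resolve-DriverPath` helper is hypothetical.

```powershell
# Added example: inventory installed kernel drivers by Authenticode signer.
# Assumption: WHCP-certified drivers carry this leaf signer name.
$whcpSigner = 'Microsoft Windows Hardware Compatibility Publisher'

function Resolve-DriverPath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    # Win32_SystemDriver paths can be quoted, NT-style, or relative to %SystemRoot%.
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if (-not [System.IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$report = foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
    $path = Resolve-DriverPath $drv.PathName
    if (-not $path -or -not (Test-Path -LiteralPath $path)) { continue }

    # Get-AuthenticodeSignature also evaluates catalog-signed files.
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Classification is a heuristic based on the signer subject (assumption).
    $class = if ($sig.Status -ne 'Valid') { 'Unsigned or invalid signature' }
        elseif ($subject -like "*CN=$whcpSigner*") { 'WHCP signer' }
        elseif ($subject -like '*CN=Microsoft Windows*') { 'Microsoft Windows signer' }
        else { 'Other signer (review)' }

    [pscustomobject]@{
        Name   = $drv.Name
        State  = $drv.State
        Class  = $class
        Signer = $subject
        Path   = $path
    }
}

# Show only the drivers that are neither WHCP-signed nor signed as part of Windows.
$report |
    Where-Object { $_.Class -notin 'WHCP signer', 'Microsoft Windows signer' } |
    Sort-Object Class, Name |
    Format-Table Name, State, Class, Signer -AutoSize -Wrap
```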
Confusion Around Printers
Microsoft acknowledges that many users and organizations rely on older drivers for their hardware or software. The balance between security and compatibility can sometimes be difficult to maintain. In February, Microsoft caused confusion by suggesting that old printers would lose their support in Windows. Ultimately, Microsoft aims to quickly eliminate third-party drivers in Windows and steer users towards its own software.




