For the previous couple of days or so, numerous customers on-line have reported that their fan management and/or different PC {hardware} monitoring purposes are being flagged by Microsoft Defender. Affected apps embrace ones from Razer, SteelSeries, and lots of extra. These purposes are getting flagged attributable to an underlying “WinRing0x64.sys” system driver that Microsoft warns as “HackTool:Win32/Winring0” and Defender is quarantining the risk instantly upon detection.

Because it seems, this isn’t completely improper on Microsoft’s half to mark it because the driver is certainly weak. The developer of the favored free fan management app referred to as “Fan Management” has defined that purposes like these which depend on the open-source LibreHardwareMonitorLib driver (WinRing0x64.sys) are technically appropriately being flagged. That’s as a result of the driving force can theoretically be exploited because it stays unpatched.

They write:

Lots of you reported that Defender began to flag the LibreHardwareMonitorLib driver (WinRing0x64.sys), you don’t want to report it moreover, Iu0027m conscious of it.

This kernel driver all the time had a identified vulnerability that could possibly be theoretically be exploited on an contaminated machine. The motive force or this system itself usually are not malicious and usually are not kind of safe than earlier than it received flagged. It’s good apply to overview the danger earlier than any motion is taken with Defender

These drivers had been first detected as weak again in 2020 and have been tracked underneath ID “CVE-2020-14979.” The NVD (Nationwide Vulnerability Database) says that it could actually learn and write to arbitrary reminiscence places that are traits of buffer or stack overflow safety flaws. It notes:

The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X1 by 1.0.6 permit native customers, together with low integrity processes, to learn and write to arbitrary reminiscence places. This enables any consumer to achieve NT AUTHORITYSYSTEM privileges by mapping DevicePhysicalMemory into the calling course of.

In the meantime, Razer has additionally issued an replace about its Synapse app and recommends customers improve to Synapse 4 from Synapse 3, or in any other case, replace to the most recent model of the latter. A Razer neighborhood discussion board official wrote:

Synapse 3 rolled out a safety patch on February 20, 2025, to maneuver away from these drivers.

Synapse 4 didn’t use these drivers.

We encourage anybody dealing with this concern to verify that they’re utilizing the most recent model of Synapse 3, or improve to Synapse 4 for probably the most superior safety and options.

That is according to what’s being dealt with all through the trade. We went forward and made certain every part is safe forward of time, but it surely’s crucial that customers are updated with their Home windows safety patches and any others the place required.

Thus that is merely not the case of a false optimistic or PUA which Microsoft may have handled its Sensible Management app, one thing which it highlighted not too long ago as a serious enchancment on Home windows 11, and recommends customers transfer on Home windows 10 transfer to through a clear set up.

Additionally, in latest Defender information, Microsoft launched the most recent model of safety intelligence updates for Home windows 11, 10, and Server set up photos.