Windows 10

Microsoft is adding a dedicated OEMDRIVERS folder to Windows 10 that will be used to store third-party drivers.

Since Windows Vista, the operating system has included a folder called %SystemRoot%\System32\DriverStore that is used to hold validated drivers for the operating system.

To prevent tampering of hardware drivers, Windows only allows the installation of drivers located in the DriverStore. Before a driver is added to the DriverStore the operating system will first verify its digital signature to confirm it has not been maliciously modified.

In current versions of Windows 10, all drivers, whether they be Microsoft or third-party drivers, are stored together in the DriverStore.

It appears this is about to change as Windows hacker Albacore has discovered a hidden feature in the Windows 10 21H2 preview build 21343 that creates a dedicated folder for third-party drivers.

A dedicated OEMDRIVERS folder

This feature is called 'Writeable_DriverStore,' and when enabled, will cause Windows 10 to migrate all third-party drivers to a dedicated OEMDRIVERS folder when a new version of the operating system is installed.

This folder is located under C:\Windows\OEMDRIVERS rather than the C\Windows\System32 folder where the current DriverStore is located.

New Windows 10 OEMDRIVERS folder
New Windows 10 OEMDRIVERS folder

For this feature to work, it must be enabled before the first boot of a new version of Windows 10. Once it is enabled and the new version is installed, Windows 10 will automatically migrate external drivers to the OEMDRIVERS folder.

"Can confirm that by enabling it ASAP all driver installations are redirected. Here's a fresh 21343 VM with the feature enabled before 1st boot: both inbox printing extras and VMware tools drivers are now in OEMDRIVERS," Albacore tweeted while sharing the following image of the moved drivers.

Drivers migrated by new Windows 10 feature
Drivers migrated by new Windows 10 feature

While this feature will not have an outward benefit to users, it allows Microsoft to move third-party libraries outside of the C:\Windows\System32 folder.

The C:\Windows\system32 folder has always been meant to store only the trusted files necessary for the operating system to function. 

Unfortunately, it has also become a location where non-Microsoft developers host their own executables and drivers over the years.

By moving third-party files outside of System32, it could allow Microsoft to further tighten the folder's security, and thus the operating system itself. 

Related Articles:

Windows 10 KB5026435 update released with 2 new features, 18 fixes

Windows 10 KB5026361 and KB5026362 updates released

Windows 10 KB5025297 preview update released with 10 fixes

Windows 10 KB5025221 and KB5025229 updates released

Microsoft pushes OOB security updates for Windows Snipping tool flaw