Microsoft removes trust for drivers signed with the cross-signed driverprogram

Today,we'reexcited to announce a significant step forward in our ongoing commitment toWindowssecurity and system reliability: theremovaloftrust for all kerneldrivers signed by thedeprecatedcross-signed root program. This update will helpprotect our customers by ensuring that onlykerneldriversthat the Windows Hardware Compatibility Program (WHCP) have passedand been signed can be loaded by default. To raise the bar for platform security, Microsoft will maintain an explicit allow list of reputable drivers signed by the cross-signed program.Theallow list ensures a secure and compatible experience for alimited number of widely used, and reputable cross-signed drivers. This new kernel trust policy appliestosystems running Windows 11 24H2, Windows 1125H2,Windows 11 26H1,and Windows Server 2025in theApril 2026Windows update. All futureversions ofWindows11and Windows Server will enforce the new kernel trust policy.

Peter Waxman at the Windows IT Pro Blog

The cross-signed root program was discontinued in 2021, and ran since the early 2000s, so I think it's fair to no longer automatically assume such possibly old and outdated drivers are still to be trusted.