From f4a055c16207972430e4af811c811ecb4481bbe8 Mon Sep 17 00:00:00 2001
From: tbaker57 <tim.h.baker@gmail.com>
Date: Mon, 25 Nov 2024 04:53:21 +1000
Subject: [PATCH] Update drvstore.yml (#93)

Co-authored-by: Wietze <wietze@users.noreply.github.com>
---
 yml/microsoft/built-in/drvstore.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/yml/microsoft/built-in/drvstore.yml b/yml/microsoft/built-in/drvstore.yml
index b361f570..658f6b3f 100644
--- a/yml/microsoft/built-in/drvstore.yml
+++ b/yml/microsoft/built-in/drvstore.yml
@@ -23,9 +23,16 @@ VulnerableExecutables:
   - Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
     Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
     Type: Catalog
+- Path: 'hvciscan_amd64.exe'
+  Type: Sideloading
+  ExpectedSignatureInformation:
+  - Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
+    Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
+    Type: Catalog
 Resources:
 - https://securityintelligence.com/posts/windows-features-dll-sideloading/
 - https://github.com/xforcered/WFH
+- https://www.microsoft.com/en-us/download/details.aspx?id=105437
 Acknowledgements:
 - Name: Chris Spehn
   Twitter: '@ConsciousHacker'