Skip to main content

WinRing0 Vulnerability

Microsoft has recently classified the WinRing0 driver as a vulnerability. This driver is still used by a lot of hardware monitoring applications, including LibreHardwareMonitor.
As a result of this change, these applications will now be blocked by Windows Defender and reported as possible Trojan/Virus.

More info on this here: https://support.microsoft.com/en-us/windows/microsoft-defender-antivirus-alert-vulnerabledriver-winnt-winring0-eb057830-d77b-41a2-9a34-015a5d203c42

What does this mean for MoBro?

MoBro is affected by this as both the LibreHardwareMonitor plugin as well as the MoBroHardwareMonitor plugin both make use of LibreHardwareMonitorLib to fetch metrics, and that library currently accesses the now flagged WinRing0 driver.
As soon as there is an official new version of LibreHardwareMonitor available, we will update both plugins which should resolve the situation.

What can I do?

There is no immediate danger and our plugins are still safe to use and not a Virus!
LibreHardwareMonitor (like many other monitoring tools) just still uses this old, no longer maintained driver that could also be exploited by a malicious program. Microsoft decided to now flag the usage of this driver.

Until this is resolved, you currently have the following options:

  • Stop using the affected plugins for now: LibreHardwareMonitor, MoBroHardwareMonitor
  • Manually add an exception for Windows defender like described in the linked post from Microsoft.
    (Path to the plugins: C:\Users[YOUR_USER]\AppData\Roaming\mobro-data\service\plugins[PLUGIN])
  • Manually replace the LibreHardwareMonitorLib.dll in the plugin directory with the most recent nightly build