WinRing0 Vulnerability
Microsoft has classified the WinRing0 driver as a vulnerability. This driver was historically used by many hardware monitoring applications, including LibreHardwareMonitor, to access low-level system metrics.
As a result of this classification, Windows Defender may block applications using this driver and report them as a
Trojan/Virus (specifically VulnerableDriver:WinNT/WinRing0).
For more technical details, you can refer to the official Microsoft Support article.
Does this affect MoBro?
Yes, MoBro is affected if you are using older versions of our hardware monitoring plugins. Both the LibreHardwareMonitor and MoBroHardwareMonitor plugins rely on LibreHardwareMonitor, which used the flagged WinRing0 driver in older versions.
How to fix this
The developers of LibreHardwareMonitor have already released an updated version that replaces WinRing0 with PawnIO, which is not flagged by Microsoft.
We have already updated our plugins to use this new, secure version.
So to resolve the security alerts, please ensure you are running the following minimum versions:
| Component | Minimum Version |
|---|---|
| MoBro | v1.4.0 |
| LibreHardwareMonitor Plugin | v1.1.0 |
| MoBroHardwareMonitor Plugin | v1.1.0 |
After updating, the WinRing0 driver is no longer used, and Windows Defender should stop reporting MoBro as a threat.