Microsoft will enhance Windows 11 stability by tightening driver requirements

Microsoft strengthens Windows 11 reliability: new driver signing rules

This year Microsoft announced plans to increase the stability and performance of Windows 11. The reason is observed reliability issues in corporate environments where many computers run on older hardware.

What’s changing
* Outdated cross-certificates are no longer considered trusted

In early 2000, Microsoft launched the Cross‑Certification Program, which issued partners certificates for signing drivers. The program was closed in 2021, and all issued certificates expired. Nevertheless, the Windows kernel continued to recognize them as trusted.

* Starting in April

The kernel will stop accepting drivers signed with these outdated certificates by default. Instead, only signatures from the *Windows Hardware Compatibility Program (WHCP)*—the official hardware compatibility verification channel—will be allowed.

* Exception for vetted legacy drivers

To maintain compatibility with legacy hardware, the ability to load drivers that previously passed cross‑certification checks will remain available. This preserves support for older devices, but only if they have been pre‑verified.

* Scope

The new rule will take effect for Windows 11 releases 24H2, 25H2, 26H1, as well as Windows Server 2025 and all future client/server releases.

How it will work in practice
* Audit module – During the initial period, the new policy will only log. The system records OS uptime and reboot counts to understand how many devices are encountering restrictions.

* Configurable protection – Administrators can enable *Application Control for Business* to override the kernel’s default rules. This is especially useful in scenarios where third‑party drivers are needed for internal use.

Bottom line
Microsoft aims to balance security and compatibility: removing obsolete certificates from the trusted list while still providing a path to vetted legacy drivers. This will allow corporate customers to move to a more reliable platform without losing support for legacy hardware.