adrmdrvsys.sys
ADLINK PXI Platform Services driver (industrial instrumentation)
adrmdrvsys.sys is a kernel driver from ADLINK Technology, a vendor of industrial test-and-measurement hardware. It is a component of ADLINK PXI Platform Services, the driver software for ADLINK's PXI and PXIe instrumentation controllers. This is industrial gear; the driver is uncommon on a gaming PC.
Researchers at Northwave Cyber Security (Tijme Gommers, Jan-Jaap Korpershoek, and Alex Oudenaarden) published an advisory describing a flaw that lets a low-privileged local user reach physical memory through the driver, which can be used to read kernel memory and escalate privileges. ADLINK was notified and the finding was published; a CVE was requested but, as of this writing, none is confirmed assigned. Be aware that some third-party databases incorrectly attach an unrelated Citrix CVE (CVE-2024-7889) to this driver; that mapping is wrong.
If adrmdrvsys.sys is on your system and you do not use ADLINK instrumentation software, identify what installed it and remove it. Microsoft's Vulnerable Driver Blocklist blocks known-bad builds from loading.
adrmdrvsys.sys is listed as a known-vulnerable driver on the public LOLDrivers project. One distinct binary hash matching this filename is on record.
Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.
Vera Project. “adrmdrvsys.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/adrmdrvsys-sys
