bsitf.sys
ASUS WinFlash BIOS update driver
bsitf.sys is the kernel driver bundled with ASUS WinFlash, the vendor utility for flashing UEFI BIOS images on ASUS motherboards. Despite the 'bs' prefix, it is not part of the BIOSTAR family (bs_hwmio64_w10.sysDriverbs_hwmio64_w10.sysBIOSTAR hardware I/O driverOpen plate →, bs_i2cio.sysDriverbs_i2cio.sysBIOSTAR I2C interface driverOpen plate →, bs_rcio.sysDriverbs_rcio.sysBIOSTAR RACING GT Evo motherboard utility driverOpen plate →); the prefix is unrelated, and the file is signed by ASUSTeK. It lives in the same vendor family as the other ASUS hardware-access drivers already on the LOLDrivers list.
The driver exposes the low-level memory and I/O access a BIOS rewrite requires. No CVE is assigned; it is on the list for the access surface. After WinFlash finishes a BIOS update, the .sys file routinely persists on disk, and a signed kernel driver with a powerful interface becomes a known BYOVD candidate.
If you find it on your system and you are not actively running a BIOS update, removing the leftover WinFlash install is a clean step. Microsoft's Vulnerable Driver Blocklist blocks older builds from loading.
bsitf.sys is listed as a known-vulnerable driver on the public LOLDrivers project. 2 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.
Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.
Vera Project. “bsitf.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/bsitf-sys
