← All drivers
vulnerable
Driver

pstrip64.sys

PowerStrip display-tuning driver

From EnTech Taiwan
Part of the EnTech family
Status
On a known-vulnerable list
Known variants
1 distinct hashes
Public CVEs
1
Field notes

pstrip64.sys is the kernel driver for PowerStrip, EnTech Taiwan's veteran display-tuning utility. Enthusiasts have used PowerStrip for decades to control monitor timings, custom resolutions, refresh rates, and colour across a wide range of graphics cards, the kind of low-level display control the normal Windows settings never exposed. That is EnTech's other well-known driver alongside the TVicPort toolkit.

It is on the public LOLDrivers list because of CVE-2026-29923: the driver (PowerStrip 3.90.736 and earlier) exposes an IOCTL that lets an unprivileged local user map arbitrary physical memory into their own process. Read/write access to physical RAM is enough to alter kernel structures and escalate to SYSTEM, which is the category of flaw that puts a signed hardware driver on the blocklist.

Why it persists is the familiar bring-your-own-vulnerable-driver pattern: the signed older binary still loads on modern Windows even after the flaw is known, so it can be dropped onto an already-compromised machine as a ready-made kernel primitive.

If you find it, the plain explanation is that PowerStrip was installed to tune a display. Update or remove it; Microsoft's Vulnerable Driver Blocklist will keep the vulnerable build from loading.

What the record shows

pstrip64.sys is listed as a known-vulnerable driver on the public LOLDrivers project. One distinct binary hash matching this filename is on record.

Public CVEs
What this means, plainly
Presence is not proof of misuse. Driver files on the LOLDrivers list commonly ship with legitimate hardware tools, gaming software, or vendor utilities. Their presence is recorded as evidence on a record. It is never treated as a verdict about a person.
Related drivers

Other drivers in the EnTech family. See the whole family →

Source

Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.

Cite this entry

Vera Project. “pstrip64.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/pstrip64-sys