segwindrvx64.sys
Insyde SEG BIOS-tool driver
segwindrvx64.sys is a kernel driver from Insyde Software's BIOS update tooling, part of the same broad family as American Megatrends' AMIFLDRV64 and Phoenix's WinFlash. Insyde supplies firmware to many laptop and motherboard OEMs, which is why this driver tends to show up on machines after a BIOS update run from a vendor utility.
CVE-2024-33228 documents that older versions (100.00.09.01 and earlier) allowed any local user to read and write kernel memory, model-specific registers, and I/O ports through the driver's IOCTL interface. Microsoft Defender now identifies older copies as Program:Win32/VulnInsydeDriver.A and refuses to load them under the Vulnerable Driver Blocklist.
Like every BIOS-tool driver, the access surface that lets a firmware update happen is the access surface a misuse case wants. Code-signing certificates are not revoked on a kernel-driver CVE the way an SSL certificate would be, so older signed builds keep loading until the OS-level blocklist catches them.
If you find it on your system after a BIOS update, that is expected. Use your OEM's current firmware-update utility; if Windows starts blocking the older tool, the blocklist is doing its job.
segwindrvx64.sys is listed as a known-vulnerable driver on the public LOLDrivers project. 2 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.
Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.
Vera Project. “segwindrvx64.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/segwindrvx64-sys
