← All drivers
vulnerable
Driver

segwindrvx64.sys

Insyde SEG BIOS-tool driver

From Insyde Software
Part of the Insyde family
Status
On a known-vulnerable list
Known variants
2 distinct hashes
Public CVEs
1
Field notes

segwindrvx64.sys is a kernel driver from Insyde Software's BIOS update tooling, part of the same broad family as American Megatrends' AMIFLDRV64 and Phoenix's WinFlash. Insyde supplies firmware to many laptop and motherboard OEMs, which is why this driver tends to show up on machines after a BIOS update run from a vendor utility.

CVE-2024-33228 documents that older versions (100.00.09.01 and earlier) allowed any local user to read and write kernel memory, model-specific registers, and I/O ports through the driver's IOCTL interface. Microsoft Defender now identifies older copies as Program:Win32/VulnInsydeDriver.A and refuses to load them under the Vulnerable Driver Blocklist.

Like every BIOS-tool driver, the access surface that lets a firmware update happen is the access surface a misuse case wants. Code-signing certificates are not revoked on a kernel-driver CVE the way an SSL certificate would be, so older signed builds keep loading until the OS-level blocklist catches them.

If you find it on your system after a BIOS update, that is expected. Use your OEM's current firmware-update utility; if Windows starts blocking the older tool, the blocklist is doing its job.

What the record shows

segwindrvx64.sys is listed as a known-vulnerable driver on the public LOLDrivers project. 2 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.

Public CVEs
What this means, plainly
Presence is not proof of misuse. Driver files on the LOLDrivers list commonly ship with legitimate hardware tools, gaming software, or vendor utilities. Their presence is recorded as evidence on a record. It is never treated as a verdict about a person.
Source

Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.

Cite this entry

Vera Project. “segwindrvx64.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/segwindrvx64-sys