tbt_force_power_control_access64.sys
Wistron TBT Force Power Control driver (Thunderbolt OEM utility)
tbt_force_power_control_access64.sys is Wistron Corporation's helper driver for Thunderbolt 'force-power' control, the mechanism that wakes a Thunderbolt dock controller out of low-power state long enough for firmware queries or updates. The underlying force-power feature is an Intel-defined ACPI and WMI capability; this specific driver is Wistron's implementation. Wistron is one of the major ODMs that builds laptops for the consumer brands (HP, Dell, Lenovo, Acer, and others), so the driver shows up on machines from a wide range of vendors.
CVE-2024-33226 (CVSS 9.9, Critical, published 2024-05-22) documents that the driver hands the kernel-level access path to any local caller without verifying privilege, in TBT Force Power Control v1.0.0.0.
If you have a Thunderbolt dock and have used the OEM Thunderbolt utility on your laptop, the driver is expected. If you do not use Thunderbolt, removing the OEM Thunderbolt utility removes it. Microsoft's Vulnerable Driver Blocklist blocks older builds from loading.
tbt_force_power_control_access64.sys is listed as a known-vulnerable driver on the public LOLDrivers project. One distinct binary hash matching this filename is on record.
Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.
Vera Project. “tbt_force_power_control_access64.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/tbt-force-power-control-access64-sys
