← All drivers
vulnerable
Driver

winring0x64.sys

Open-source hardware monitoring driver (the 'OEM glue' driver)

From OpenLibSys (open source)
Part of the OpenLibSys family
Status
On a known-vulnerable list
Known variants
2 distinct hashes
Field notes

WinRing0x64.sys is an open-source kernel driver originally written to give user-mode hardware-monitoring tools direct read/write access to processor MSRs, PCI configuration space, and I/O ports. Because it is freely available and signed, dozens of unrelated third-party utilities embed it: temperature monitors, fan-curve tools, mining utilities, RGB controllers, overclocking helpers, peripheral software. If you have ever installed a small hardware utility on a gaming PC, there is a real chance you have a copy of WinRing0 on disk.

It is on the public LOLDrivers list for that very reason. Its IOCTL interface gives any caller broad hardware access by design; that was the point of the project. In a normal install it is a convenience; in a BYOVD scenario it is a ready-made primitive that does not even require a CVE to be useful.

Its presence on a system almost always means a hardware-monitoring utility you (or a previous install) put there. Identify which utility shipped it, and update or uninstall accordingly.

What the record shows

winring0x64.sys is listed as a known-vulnerable driver on the public LOLDrivers project. 2 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.

What this means, plainly
Presence is not proof of misuse. Driver files on the LOLDrivers list commonly ship with legitimate hardware tools, gaming software, or vendor utilities. Their presence is recorded as evidence on a record. It is never treated as a verdict about a person.
Related drivers

Other drivers in the OpenLibSys family. See the whole family →

Source

Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.

Cite this entry

Vera Project. “winring0x64.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/winring0x64-sys