The only fix? Deleting the driver’s biometric database from C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Ngc and re-enrolling. For enterprise IT admins, this became a weekly ritual. More concerning than simple bugs were the security researchers poking at Hello’s driver interface. In 2023, a Black Hat talk demonstrated a DLL injection attack into the biometric service’s driver-loading routine. By spoofing a legitimate sensor driver’s Device ID, the researcher could intercept the authentication handshake and replay a valid “user verified” token from a stolen system dump.
The fix? A driver update that Microsoft had to force via Windows Update’s “Driver Block Rules” list—a kill switch for bad biometric drivers. At Build 2025, Microsoft hinted at a radical shift: moving biometric matching entirely into the Pluton security processor . In this model, there is no “Windows Hello driver” in the traditional sense. The OS would only see a generic “secure input” device. The matching, the template storage, and the attestation would happen inside Pluton, with the driver reduced to a thin mailbox.
If that happens, the era of the broken Hello driver—of mysterious “Something went wrong” errors and fingerprint sensor disappearing after updates—might finally end.
The culprit? A corrupted . Specifically, a file called NgcSet.ndb —the database that stores biometric templates encrypted per device. After certain Windows Update cycles, the driver would desync from the Trusted Platform Module (TPM). The result: the hardware was screaming “I recognize you,” but the driver was saying, “I don’t trust that answer.”
A 2024 analysis by a firmware security firm found that three popular laptop models shipped with Hello drivers that in certain power-save modes. Why? To save 50 milliseconds of boot time. The driver would skip checking the TPM’s signed nonce if the system resumed from sleep. That meant a malicious USB device could pretend to be a Hello camera and unlock the PC.