Oem9.inf

An attacker places a vulnerable driver on the system. Windows, seeing a legitimate digital signature, installs it and assigns it a name like oem9.inf. Once the driver is installed, the attacker uses the specific flaws in it to gain kernel-level access to the system, effectively taking full control.

Below is a blog post template designed to help users identify and troubleshoot this specific driver.

Identify all oem*.inf files referencing the same device class and delete older versions.

Windows Update sometimes fails if a driver in the store is corrupt. Check C:\Windows\INF\setupapi.dev.log for lines containing oem9.inf.
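The setupapi.dev.log check above can be run over a collected copy of the log so that each match comes back with its section's start time and exit status, which shows when the package behind oem9.inf was staged and whether the install succeeded. This is an added example, not part of the original page: the function name `sections_mentioning` is hypothetical, the sample log is constructed, and it assumes the usual layout in which a section opens with `>>>  [title]`, carries a `Section start` timestamp and closes with `<<<  [Exit status: ...]`.

```python
import re

# Constructed sample in the section layout of setupapi.dev.log (not from a real host).
SAMPLE_LOG = r"""
>>>  [Device Install (Hardware initiated) - CONSTRUCTED\DEVICE\0001]
>>>  Section start 2024/01/10 09:15:02.100
     dvi: Selected driver installs from 'c:\windows\inf\oem3.inf'.
<<<  Section end 2024/01/10 09:15:03.400
<<<  [Exit status: SUCCESS]

>>>  [Setup Import Driver Package - C:\Users\Public\constructed\example.inf]
>>>  Section start 2024/01/11 22:41:17.250
     sto: Published Inf Path = C:\Windows\INF\oem9.inf
<<<  Section end 2024/01/11 22:41:18.900
<<<  [Exit status: SUCCESS]

>>>  [Device Install (constructed) - CONSTRUCTED\DEVICE\0002]
>>>  Section start 2024/01/12 08:00:00.000
!!!  dvi: Constructed error line for C:\WINDOWS\INF\OEM9.INF
<<<  Section end 2024/01/12 08:00:01.000
<<<  [Exit status: FAILURE(0x00000490)]
"""

def sections_mentioning(log_text, inf_name):
    """Return a summary dict for every log section that references inf_name."""
    # Case-insensitive, and bounded so 'oem9.inf' does not match e.g. 'myoem9.infx'.
    needle = re.compile(r"(?<![\w.])" + re.escape(inf_name) + r"(?!\w)", re.I)
    hits, cur = [], None
    for line in log_text.splitlines():
        if line.startswith(">>>  ["):                      # section header
            cur = {"title": line[5:].strip("[]"), "start": None,
                   "status": None, "errors": 0, "body": [line]}
            continue
        if cur is None:
            continue                                       # text outside any section
        cur["body"].append(line)
        if line.startswith(">>>  Section start"):
            cur["start"] = line.split("Section start", 1)[1].strip()
        elif line.startswith("!!!"):                       # error-level entry
            cur["errors"] += 1
        elif line.startswith("<<<  [Exit status:"):        # section footer
            cur["status"] = line.split(":", 1)[1].strip(" ]")
            if any(needle.search(l) for l in cur["body"]):
                hits.append(cur)
            cur = None
    return hits

if __name__ == "__main__":
    for s in sections_mentioning(SAMPLE_LOG, "oem9.inf"):
        print(s["start"], s["status"], f"errors={s['errors']}", s["title"], sep=" | ")
```

On a real host, pass the text of a copy of C:\Windows\INF\setupapi.dev.log in place of `SAMPLE_LOG`.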