Microsoft signed a driver loaded with malware

Operating system makers rely on code signing to help users stay away from malware, but Microsoft may have inadvertently undermined the trust that signing is meant to create. Reports indicate that Microsoft has confirmed it signed Netfilter, a third-party malicious driver for Windows that has been circulating in the gaming community.


Netfilter passed through the Windows Hardware Compatibility Program (WHCP), and it communicates with command-and-control servers at Chinese IP addresses.


Since Windows Vista, any code that runs in kernel mode must be tested and signed before public release to keep the operating system stable, Han said. By default, a driver that lacks a Microsoft signature cannot be installed.


It is not clear how the driver got through Microsoft's certification and signing process. The company said it is investigating what happened and is improving its signing process, partner access, and validation policies.


There is no evidence that the malware's authors stole the certificates, and Microsoft has so far refrained from attributing the incident to nation-state actors. The driver's maker, Ningbo Zhuo Zhi, is working with Microsoft to investigate and fix any known vulnerabilities, including on affected devices.


Users receive malware-free drivers through Windows Update. Microsoft said the driver's impact is limited: it targeted gamers and is not known to have endangered enterprise users. According to Microsoft, the driver is only useful post-exploitation, since an attacker must already have obtained administrator-level access on the computer to install it. In other words, Netfilter should not pose a threat.


Many people assume that a signed driver is a safe driver or program. Users who are worried about malware may now be reluctant to install new drivers, even when those drivers come directly from the manufacturer.
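To make that distinction concrete, here is an added PowerShell example (not code from the article, from Microsoft, or from the driver's maker) that lists running kernel drivers and separates those carrying the WHCP co-signature from Microsoft's own drivers; the signer name string and the path normalisation are assumptions about current Windows builds.

```powershell
# Added example: enumerate running kernel drivers and show who signed each one.
# A third-party driver that went through WHCP carries Microsoft's
# "Windows Hardware Compatibility Publisher" signature even though Microsoft
# did not write it, so "signed by Microsoft" alone is not a safety statement.
$whcpSigner = 'Microsoft Windows Hardware Compatibility Publisher'   # assumed signer CN

Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName } |
    ForEach-Object {
        # PathName may be quoted or carry a \??\ or \SystemRoot\ prefix; normalise it.
        $path = $_.PathName.Trim('"')
        $path = $path -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if (-not (Test-Path -LiteralPath $path)) { return }

        # Note: inbox drivers are usually catalog-signed; older PowerShell builds
        # may report them as NotSigned because they do not consult catalogs.
        $sig     = Get-AuthenticodeSignature -LiteralPath $path
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        # Classify by who actually signed the file, not merely whether it is signed.
        if ($sig.Status -ne 'Valid') {
            $class = 'UNSIGNED-OR-INVALID'
        } elseif ($subject -like "*CN=$whcpSigner*") {
            $class = 'WHCP-THIRD-PARTY'      # vetted by WHCP, authored by a partner
        } elseif ($subject -like '*CN=Microsoft Windows*') {
            $class = 'MICROSOFT'             # Microsoft-authored inbox driver
        } else {
            $class = 'OTHER-PUBLISHER'       # cross-signed or other vendor certificate
        }

        [pscustomobject]@{
            Driver = $_.Name
            Class  = $class
            Signer = $subject
            Status = $sig.Status
            Path   = $path
        }
    } |
    Sort-Object Class, Driver |
    Format-Table -AutoSize
```

Entries in the WHCP-THIRD-PARTY group are the ones an incident like this one affects: the signature proves only that the file passed the program, so those drivers still deserve the same provenance and behaviour review as any other third-party code.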


This incident once again exposed threats to the security of the software supply chain. This time, however, it stemmed from a weakness in Microsoft's code signing process.
