
Microsoft signs drivers that load rootkit malware



Operating system creators offer code signing to help you avoid hostile software, but Microsoft may have inadvertently undermined the trust it intends to create. BleepingComputer reported that Microsoft has confirmed it signed Netfilter, a third-party driver for Windows that contains rootkit malware spreading among the gaming community. The driver passed through the Windows Hardware Compatibility Program (WHCP) even though it connects to malware command-and-control servers in China, as security researcher Karsten Hahn reported several days ago.

It’s unclear how the rootkit got through Microsoft’s certificate signing process, although the company says it’s investigating what happened and will “tweak” the signing process, partner access policies and validation. There is no evidence that the malware authors stole certificates, and Microsoft doesn’t believe this is the work of state-sponsored hackers.

Driver maker Ningbo Zhuo Zhi Innovation Network Technology is working with Microsoft to study and fix known security vulnerabilities, including for affected hardware. Users can get clean drivers through Windows Update.

Microsoft says the rogue driver has limited impact. It is aimed at gamers and is not known to have compromised enterprise users. It also works only “post-exploitation,” according to Microsoft: you need administrative access on your PC to install the driver. In other words, Netfilter shouldn’t be a threat unless you try to load it.

Still, this incident is not entirely comforting. Many people view a signed driver as confirmation that the driver or program is safe. Those users may hesitate to install new drivers in a timely manner if they are concerned that malware may be present, even if those drivers come directly from the manufacturer.
