Microsoft signed a driver loaded with rootkit malware

Operating system creators supply code signing that can help you avoid hostile software, but Microsoft might have inadvertently damaged the trust that signing is supposed to create. BleepingComputer says Microsoft has confirmed that it signed Netfilter, a third-party driver for Windows containing rootkit malware that circulated within the gaming community. It passed through the Windows Hardware Compatibility Program (WHCP) despite connecting to malware command and control servers in China, as security researcher Karsten Hahn found days earlier.

It’s not clear how the rootkit made it through Microsoft’s certificate signing process, though the company said it was investigating what happened and would be “refining” the signing process, partner access policies and validation. There’s no evidence the malware writers stole certificates, and Microsoft didn’t believe this was the work of state-sponsored hackers.

The driver maker, Ningbo Zhuo Zhi Innovation Network Technology, was working with Microsoft to check and patch any known security holes, including for affected hardware. Users will get clean drivers through Windows Update.

Microsoft said the rogue driver had a limited impact. It was aimed at gamers, and isn’t known to have compromised enterprise users. Also, the rootkit only works “post exploitation,” according to Microsoft: you need to have already obtained administrator-level access on a PC to install the driver. In other words, Netfilter shouldn’t pose a threat unless you go out of your way to load it.

Even so, the incident isn’t entirely comforting. Many people see a signed driver as confirmation that a driver or program is safe. Those users might be hesitant to install new drivers in a timely fashion if they’re worried there might be malware, even when those drivers come straight from the manufacturer.