Microsoft screwed up and approved a driver that was actually malware targeted at gamers

Oops, we guess?


Microsoft had a snafu with its driver signing process and accidentally signed a rootkit that was communicating with servers at China-based IP addresses. The problem was first noticed by security researchers at G Data, and Microsoft later confirmed to BleepingComputer that the “Netfilter” driver was erroneously signed.

That’s bad, because the operating system treats any driver carrying a Microsoft certificate as okay and lets it install without workarounds. This particular driver seems to have been signed by accident after the threat actor submitted the malicious code through Microsoft’s usual certification process, the normal route for getting drivers signed.

It’s not clear at this point how the malware got through the signing process, with Microsoft saying that it’s investigating what happened. Microsoft has also said that the driver seemed to be targeting gamers in China specifically, and there are no indications of enterprise-level environments being affected.

The company, Ningbo Zhuo Zhi Innovation Network Technology Co., Ltd, has also had its developer account suspended, with Microsoft rechecking all of its other submissions for further malware.

The big news here isn’t so much the driver, but that it made it through the supposedly secure signing process. That process is one of the trust factors underpinning modern computing environments, and anything eroding that trust makes the world less safe.

It’s not hard to see people delaying software updates or other upgrades based on security fears, and those updates often fix critical security holes.
