Microsoft screwed up and approved a driver that was actually malware targeted at gamers
Oops, we guess?
Microsoft had a snafu with its driver signing process and accidentally signed a rootkit that was communicating with servers at IP addresses based in China. First noticed by security researchers at G Data, Microsoft later confirmed to BleepingComputer that the “Netfilter” driver was erroneously signed.
That’s bad, as any driver carrying a Microsoft signature is treated as trusted by the operating system, which lets it install without workarounds. This particular driver appears to have been signed by accident after the threat actor submitted the malicious code through Microsoft’s usual driver certification process, the normal route for getting a driver signed.
It’s not clear at this point how the malware got through the signing process, with Microsoft saying that it’s investigating what happened. Microsoft has also said that the driver seemed to be targeting gamers in China specifically, and there are no indications of enterprise-level environments being affected.
The company, Ningbo Zhuo Zhi Innovation Network Technology Co., Ltd, has also had its developer account suspended, and Microsoft is rechecking all of its other submissions for further malware.
The big news here isn’t so much the driver, but that it made it through the supposedly secure signing process. That process is one of the trust factors underpinning modern computing environments, and anything eroding that trust makes the world less safe.
It’s not hard to see people delaying software updates or other upgrades based on security fears, and those updates often fix critical security holes.