Microsoft signed a malware driver

Operating system vendors rely on code signing to keep malware off your machine, but Microsoft has shown that it can inadvertently break the very trust a signature is meant to create.

Microsoft has reportedly confirmed the signing of Netfilter, a malicious third-party driver software for Windows circulating in the gaming community.

Netfilter passed the Windows Hardware Compatibility Program (WHCP). Security researcher Karsten Hahn discovered that the driver was communicating with a command-and-control server at a Chinese IP address.

Hahn noted that since Windows Vista, any code that runs in kernel mode has to be tested and signed before release to keep the operating system stable; drivers without a Microsoft certificate cannot be installed by default.

It is not clear how the driver got through Microsoft's certification process. The company says it is investigating what happened and is improving its signing process, partner access and validation policies.

There is no evidence that the malware author stole the certificate, and Microsoft has not attributed the incident to a government agency.

Driver vendor Ningbo Zhuozhi is working with Microsoft to identify and fix all known security issues, including affected devices.

Users can obtain malware-free drivers through Windows Update.

Microsoft confirmed

Microsoft states that the driver's impact is limited: it targets gamers and does not put enterprise users at risk.

According to Microsoft, the driver only works if the vulnerability is exploited, and installing it requires administrative access to the machine. In other words, Netfilter should not pose a threat.

Many people believe that a signature on a driver confirms that the driver or program is safe.
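Whether a signature alone is being treated as a safety verdict is something a defender can check on their own fleet. The PowerShell script below is an added example, not part of this article or of any Microsoft tooling; it assumes an elevated PowerShell 5.1 or later session on Windows, and it assumes that the certificate subjects "Microsoft Windows" and "Microsoft Windows Hardware Compatibility Publisher" distinguish inbox drivers from third-party drivers signed through WHCP.

```powershell
# Added example: inventory running kernel drivers and their Authenticode status.
# A "Valid" status only means the signature chain verifies; the signer subject
# is listed so that third-party code carrying a Microsoft WHCP signature can be
# reviewed rather than trusted on sight. Run from an elevated PowerShell session.

$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName }

$report = foreach ($d in $drivers) {
    # Normalise NT-style paths such as \??\C:\... and \SystemRoot\...
    $path = $d.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $sig    = Get-AuthenticodeSignature -LiteralPath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Assumed subject patterns: inbox drivers are signed as "Microsoft Windows";
    # third-party drivers that passed WHCP are signed by the
    # "Microsoft Windows Hardware Compatibility Publisher" certificate.
    $category = switch -Regex ($signer) {
        'Hardware Compatibility Publisher' { 'Third-party via WHCP'; break }
        '^CN=Microsoft Windows'            { 'Microsoft inbox';      break }
        default                            { 'Other / unsigned' }
    }

    [pscustomobject]@{
        Name     = $d.Name
        Path     = $path
        Status   = $sig.Status   # Valid / NotSigned / HashMismatch / ...
        Category = $category
        Signer   = $signer
    }
}

# Inbox drivers are frequently catalog-signed, so NotSigned on its own is not
# suspicious; the rows worth a second look are third-party WHCP signers and
# anything whose signature does not verify.
$report |
    Sort-Object @{ Expression = { $_.Category -eq 'Microsoft inbox' } }, Status |
    Format-Table -AutoSize Name, Status, Category, Signer
```

Pair the WHCP rows with the vendor and device you expect on that host; a valid signature from an unexpected third party is the case this incident describes.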

Users who are now worried about malware may be reluctant to install new drivers, even ones that come directly from the manufacturer.

This incident once again exposes the security risk in the software supply chain, but this time it stems from a weakness in Microsoft's own code signing process.
