Operating system makers resort to code signing to help you stay away from malware, but Microsoft may have inadvertently broken the trust the signing is meant to create.
A driver called Netfilter passed through the Windows Hardware Compatibility Program (WHCP), yet it connects to command-and-control servers at Chinese IP addresses, as security researcher Karsten Hahn found.
Since Windows Vista, any code that runs in kernel mode must be tested and signed before public release to ensure the operating system stays stable, Hahn said. By default, a driver cannot be installed without a Microsoft certificate.
It is not clear how the program succeeded during Microsoft’s certification signing process. The company said it is investigating what happened and is improving the signing process, partner access and validation policies.
There is no evidence that the malware’s authors stole the certificates, and Microsoft has refrained from attributing the incident to nation-state actors until now.
The driver’s maker, Ningbo Zhuo Zhi, is working with Microsoft to study and fix any known vulnerabilities, including on affected devices.
Users will receive malware-free versions of the driver through Windows Update.
Microsoft said the driver’s impact is limited. It targeted gamers and was not known to endanger enterprise users.
The driver only works post-exploitation, according to Microsoft: an attacker must already have obtained administrator-level access on the computer to install it. In other words, Netfilter on its own should not pose a threat.
Many people think that a signed driver confirms that the driver or program is safe.
These users may be reluctant to install new drivers if they are concerned about the possibility of malware, even when the drivers come directly from the manufacturer.
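Because a valid signature says only that the binary passed a signing process, a defender still wants to see who signed each loaded driver and compare its hash with published advisories. The script below is an added example, not part of the article or of any Microsoft tooling; it assumes an elevated PowerShell 5.1 or later session on Windows and uses only built-in cmdlets. The WHCP signer name it matches is the subject of Microsoft's hardware-compatibility signing certificate.

```powershell
# Added example (not from the article): enumerate running kernel drivers, verify each
# binary's Authenticode signature, and report signer and SHA-256 so that WHCP-signed
# drivers can be reviewed against vendor and Microsoft advisories.
# Assumes an elevated PowerShell 5.1+ session on Windows.

$whcpSigner = 'CN=Microsoft Windows Hardware Compatibility Publisher*'

$report = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName } |
    ForEach-Object {
        # Service image paths use kernel-style prefixes; map them onto filesystem paths.
        $path = $_.PathName -replace '^\\\?\?\\', '' `
                            -replace '^\\SystemRoot\\', "$env:SystemRoot\" `
                            -replace '^System32\\', "$env:SystemRoot\System32\"
        if (-not (Test-Path -LiteralPath $path)) { return }

        $sig = Get-AuthenticodeSignature -LiteralPath $path
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        [pscustomobject]@{
            Service = $_.Name
            Path    = $path
            Status  = $sig.Status            # Valid, NotSigned, HashMismatch, ...
            Signer  = $subject
            Whcp    = [bool]($subject -like $whcpSigner)
            Sha256  = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }

# Unsigned drivers or broken signatures should only ever load by explicit policy.
$report | Where-Object { $_.Status -ne 'Valid' } |
    Format-Table Service, Status, Path -AutoSize

# WHCP-signed drivers are trusted by the loader, so their hashes are what a defender
# compares against advisories; the signature alone proves nothing about intent.
$report | Where-Object { $_.Whcp } |
    Format-Table Service, Sha256, Path -AutoSize
```

The second table is the one to reconcile with the hashes a vendor or Microsoft publishes for an incident like this one; no indicator values are included here because the article gives none.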
This incident once again exposed the security of the software supply chain as a weak point. This time, however, the weakness lay in Microsoft’s own code signing process.