Techrecipe

Microsoft accidentally issued a signature for a driver containing malicious code

Microsoft provides code signing to eliminate software tampering and spoofing, and to prove to users that the software is genuine.

According to reports, however, Microsoft has signed a third-party Windows driver software Netfilter, which includes a tool called rootkit, which takes away the root privileges of a computer after an intrusion and allows it to do whatever it wants.

Security researcher Karsten Hahn, who first discovered this, pointed out that Microsoft Uni bypassed the hardware compatibility program WHCP check, even though the driver was linked to a Chinese malware command & control (C&C) server not long ago. .

It’s unknown why this happened, but Microsoft immediately said they were investigating the issue and improved the signature process or third-party access policy validation. Microsoft also added that it does not believe the issue involves a group of hackers who have obtained hostile support.

The already troubled driver manufacturer (Ningbo Zhuo Zhi Innovation Network Technology) has released a patch containing the affected software, revealing a security hole. Users can apply it via Windows Update, so keeping Windows up to date should not be a problem.

According to Microsoft’s explanation, NetFilter is a game-only software, so it is rarely installed in a corporate environment. In addition, since driver installation requires administrator privileges, it is not a problem unless IT administrators intentionally introduce it in enterprises. However, the fact that a signed driver contains a rootkit is an event that reverses the signature trust. Related information can be found here.

lswcap

lswcap

Through the monthly AHC PC and HowPC magazine era, he has watched 'technology age' in online IT media such as ZDNet, electronic newspaper Internet manager, editor of Consumer Journal Ivers, TechHolic publisher, and editor of Venture Square. I am curious about this market that is still full of vitality.

Add comment

Follow us

Don't be shy, get in touch. We love meeting interesting people and making new friends.

Most discussed

%d 블로거가 이것을 좋아합니다: