Microsoft Accidentally Approves Malware in a Driver for Its Operating System
JAKARTA - Before digitally signing and approving them, Microsoft usually tests drivers intended for installation on its Windows operating system. However, a third-party driver named Netfilter somehow passed that test without being detected as malware.
Summarized from Engadget, Monday, June 28, security researcher Karsten Hahn found that Microsoft had approved Netfilter, a driver that contains rootkit malware.
Hahn said the driver got through the Windows Hardware Compatibility Program (WHCP) and then connects to a malware command-and-control server in China. This malware is usually found in popular gaming communities.
However, Hahn did not explain further how the rootkit managed to get through Microsoft's certificate signing process. Microsoft is currently investigating what happened and will improve its signing process, partner access policy, and validation.
Notably, there is so far no evidence that the malware authors stole company certificates. Microsoft also said it does not believe this was the work of state-sponsored hackers.
Driver maker Ningbo Zhuo Zhi Innovation Network Technology is working with Microsoft to investigate and patch the security holes. Users will receive clean drivers via Windows Update.
Microsoft disclosed that the malware in the driver had limited impact. The malware targets gamers, and it is not known whether it has harmed any users.
According to Microsoft, the rootkit also only works post-exploitation: a user must grant administrator-level access on the PC to install the driver. Netfilter should not pose a threat unless the user goes to considerable lengths to install it.