Microsoft certified a driver carrying rootkit malware that connects to servers in China

Microsoft. (image credit: Reuters)

According to Microsoft the rootkit only works “after exploit” – requiring users to have administrator-level access to the PC to install the driver.

Code signing is the process of digitally signing executables and scripts so that software authors can verify, and guarantee to users, that the code has not been altered or corrupted. The operating system uses code signing to help users avoid malicious software. At Microsoft, it looks like one specific code signature went badly wrong. The company has confirmed that it accidentally signed a malicious driver for Windows that contains rootkit malware. A report by Bleeping Computer stated that a third-party driver named netfilter was communicating with a Chinese command-and-control server. Security researcher Karsten Hahn first detected the malicious driver last week, the report said.
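The signature check that code signing makes possible, as an added example that is not from the article or from Microsoft: a PowerShell snippet that inventories the kernel drivers on a Windows host, reports whether each signature still verifies and who signed it, and flags third-party drivers that carry Microsoft's own hardware-compatibility publisher certificate, which is the route by which Microsoft signs third-party drivers such as the one described here. It assumes an elevated PowerShell 5.1 or later session on Windows; the publisher name is the one Microsoft uses when it signs third-party drivers.

```powershell
# Added example (not the article's code): list kernel drivers with their signer.
# A valid signature only says Microsoft (or a vendor) signed the file, not that
# the file is safe, so drivers Microsoft signed on a third party's behalf are
# surfaced for review rather than trusted on sight.
# Assumption: elevated PowerShell 5.1+ on Windows.

$WhqlPublisher = 'CN=Microsoft Windows Hardware Compatibility Publisher'

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver reports kernel-style paths; normalise them to Win32 paths.
    $p = $PathName -replace '^\\\?\?\\', ''            # \??\C:\...        -> C:\...
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot    # \SystemRoot\...   -> C:\Windows\...
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # System32\drivers\x.sys
    return $p
}

function Get-DriverSignerReport {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            if (-not (Test-Path -LiteralPath $path)) { return }
            $sig     = Get-AuthenticodeSignature -LiteralPath $path
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            [pscustomobject]@{
                Name           = $_.Name
                State          = $_.State
                Path           = $path
                SigStatus      = $sig.Status      # Valid / NotSigned / HashMismatch ...
                Signer         = $subject
                Sha256         = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                # True when Microsoft signed the file on behalf of a third-party vendor.
                ThirdPartyWhql = $subject.StartsWith($WhqlPublisher)
            }
        }
}

$report = Get-DriverSignerReport

# Drivers that are unsigned or whose signature no longer verifies.
$report | Where-Object { $_.SigStatus -ne 'Valid' } |
    Format-Table Name, State, SigStatus, Path -AutoSize

# Third-party drivers carrying Microsoft's publisher signature: compare each
# against the vendors expected on this host, and the SHA-256 against any
# indicators published by the vendor or your AV.
$report | Where-Object { $_.ThirdPartyWhql } |
    Format-Table Name, State, Sha256, Path -AutoSize
```

A driver whose signature verifies but whose name, path or vendor is unexpected on the host is the case the article describes; the signature status alone would not have flagged it.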

Last week, security researchers flagged what appeared to be a ‘false positive’, but it was not. The driver (netfilter) was seen communicating with a command-and-control server based in China. The driver did not provide any valid functionality, which raised suspicion. It is unclear how the driver containing the rootkit malware made it through Microsoft’s certificate signing process, although the company said it was investigating what happened and that the signing process would be ‘refined’. There is also no evidence that malware developers stole Microsoft’s certificates. Microsoft believes this was not the work of state-sponsored hackers.

The driver’s manufacturer, Ningbo Zhuo Zhi Innovation Network Technology, was working with Microsoft to study and patch any known security holes, including in the affected hardware. Users will get clean drivers through Windows Update. Microsoft said the rogue driver had limited impact and was aimed at gamers. It is not known whether it has compromised any enterprise users.

According to Microsoft the rootkit only works “after exploit” – requiring users to have administrator-level access on a PC to install the driver. Simply put, Netfilter should pose no threat as long as users don’t go out of their way to load it.