Skip to main content

Microsoft admits certifying a driver loaded with rootkit malware, says 'small number' of customers compromised by SolarWinds hackers

posted onJune 29, 2021
by l33tdawg
computing.co.uk
Credit: computing.co.uk

Software giant Microsoft has acknowledged that it mistakenly signed a malicious driver for Windows, which was loaded with rootkit malware. The driver, named Netfilter, was observed to be communicating with Chinese command-and-control (C2) servers, according to media reports.

"Microsoft is investigating a malicious actor distributing malicious drivers within gaming environments," the firm said in an online post published on Friday. The company disclosed that the drivers were built by a third party and were submitted for certification through the Windows Hardware Compatibility Program.

The account that was used by the malicious actor has been suspended, and the company says it is reviewing their submissions for additional signs of malware. There is no evidence to suggest that the malicious actors stole certificates, and Microsoft did not attribute the incident to state-sponsored actors. The company said that the threat actor has used the malicious drivers to mainly target the gaming sector specifically in China, and no impact has been observed on enterprise environments so far.

Source

Tags

Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th