Microsoft admits certifying a driver loaded with rootkit malware, says 'small number' of customers compromised by SolarWinds hackers
Software giant Microsoft has acknowledged that it mistakenly signed a malicious driver for Windows, which was loaded with rootkit malware. The driver, named Netfilter, was observed to be communicating with Chinese command-and-control (C2) servers, according to media reports.
"Microsoft is investigating a malicious actor distributing malicious drivers within gaming environments," the firm said in an online post published on Friday. The company disclosed that the drivers were built by a third party and were submitted for certification through the Windows Hardware Compatibility Program.
The account used by the malicious actor has been suspended, and the company says it is reviewing that account's other submissions for additional signs of malware. There is no evidence that the malicious actors stole certificates, and Microsoft did not attribute the incident to state-sponsored actors. The company said the threat actor has used the malicious drivers mainly to target the gaming sector, specifically in China, and that no impact on enterprise environments has been observed so far.