Microsoft Accidentally Signs Malicious Driver Distributed Within Gaming Environments

Tsing (The FPS Review, staff member)
[Image: Microsoft logo. Image: Microsoft]

Microsoft has confirmed that it recently signed off on a malicious driver that was being distributed within gaming environments. Dubbed “Netfilter” and initially documented by G DATA malware analyst Karsten Hahn, the malicious driver is a rootkit that raised serious suspicions after it was found communicating with Chinese command-and-control (C2) IPs. Microsoft has clarified that there is no evidence of stolen code-signing certificates being used by the malicious actors, but it still isn’t clear what the company meant by “gaming environments.” All Microsoft has said is that the activity is “limited to the gaming sector specifically in China”; no specific platforms or services are named in its blog post...

 
This just goes to show that driver signing is meaningless; they literally do nothing, not even look at it.
I would say - it does shift the liability to Microsoft when crap like this happens.

And for the most part, it does keep random "drivers" out there from being used - it still needs a certificate so it still has to go through some process, as opposed to just being thrown out there on a random download link (or worse, drive-by installed from a bad web page).
 
I would say - it does shift the liability to Microsoft when crap like this happens.
I'm pretty sure there is a clause in their driver signing contract that they are not liable for any damages caused by the driver.
Yeah, they might lose a bit of face, but that's really meaningless while they are a monopoly.

And for the most part, it does keep random "drivers" out there from being used - it still needs a certificate so it still has to go through some process, as opposed to just being thrown out there on a random download link (or worse, drive-by installed from a bad web page).
Well this proves that it doesn't keep random drivers from being used. It seems that their "certificate" process is to literally slap the certificate on it. Much like the paid 80+ certifications for PSUs.

I was always of the mind that their signing was more of a hindrance than actual quality added to drivers.
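The two replies above argue about what a signature on a driver actually buys a defender. The PowerShell below is an added example, not code from the thread or from Microsoft: it inventories the kernel drivers the Service Control Manager knows about and reports each one's Authenticode status and signer, so that unsigned drivers and drivers signed by someone other than the expected baseline can be reviewed. The baseline signer patterns, the function name and the output columns are this example's own assumptions; run it in an elevated session.

```powershell
# Added example (not from the thread): audit the signatures of the kernel drivers
# registered on a Windows host. Requires an elevated PowerShell session.
# Assumption: Microsoft-signed drivers (including WHQL "Microsoft Windows Hardware
# Compatibility Publisher") are the expected baseline; anything else is worth a look.

function Get-DriverSignatureReport {
    [CmdletBinding()]
    param(
        # Signer subject substrings treated as the expected baseline (assumed).
        [string[]] $TrustedSubjectPatterns = @('Microsoft Windows', 'Microsoft Corporation')
    )

    # Win32_SystemDriver lists kernel drivers known to the Service Control Manager.
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName }   # skip entries with no on-disk image path

    foreach ($d in $drivers) {
        # PathName looks like '\SystemRoot\System32\drivers\foo.sys' or '\??\C:\...\bar.sys'
        $path = $d.PathName -replace '^\\SystemRoot', $env:SystemRoot -replace '^\\\?\?\\', ''
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $sig     = Get-AuthenticodeSignature -LiteralPath $path
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        $isBaseline = $false
        foreach ($p in $TrustedSubjectPatterns) {
            if ($subject -like "*$p*") { $isBaseline = $true; break }
        }

        [pscustomobject]@{
            Name       = $d.Name
            State      = $d.State
            Path       = $path
            Status     = $sig.Status        # Valid, NotSigned, HashMismatch, ...
            Signer     = $subject
            Thumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }
            Baseline   = $isBaseline
        }
    }
}

# Surface the drivers that deserve attention first: currently running, but either
# not validly signed or signed by a subject outside the baseline.
# Note: many inbox drivers are signed through a catalog rather than an embedded
# signature, so treat NotSigned on an inbox driver as "verify via the catalog",
# not as proof of tampering.
Get-DriverSignatureReport |
    Where-Object { $_.State -eq 'Running' -and ($_.Status -ne 'Valid' -or -not $_.Baseline) } |
    Sort-Object Status, Signer |
    Format-Table Name, Status, Signer, Path -AutoSize
```

What this check does and does not give you follows directly from the Netfilter story in the post: it will flag drivers that are unsigned or carry a third-party signer, which is the filter the second reply credits signing with, but a driver that Microsoft itself signed shows up as Valid with a baseline signer and passes straight through. Signature status is therefore a triage input, not a verdict; pairing it with behavioural telemetry (for example, kernel-mode network connections to unexpected destinations, which is what exposed Netfilter) is what turns the list into something a responder can act on.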
 