Malicious software from China passed Microsoft’s certification process

Security researcher Karsten Hahn has found that Microsoft certified a piece of driver software called Netfilter, which contained a rootkit connecting to servers in China. “Microsoft is investigating a malicious actor distributing drivers within gaming environments. The actor submitted drivers for certification through the Windows Hardware Compatibility Programme. The drivers were built by a third party. We have suspended the account and reviewed their submissions for additional signs of malware,” Microsoft said, confirming the mistake.

Since driver software acts as the interface between the operating system (OS) and hardware devices, it runs with deep, privileged access to the computer. As a result, malicious code built into a driver is a serious security threat to enterprises and users. Microsoft, like most other OS makers, issues security certificates for driver software meant for its platform; such software is required to run various kinds of hardware with Windows.

Rootkits are malware that allow attackers to gain unauthorised access to, and control of, devices. Manufacturers have to get their driver software certified by Microsoft through the Windows Hardware Compatibility Programme (WHCP). The certificate is essentially a stamp of approval, which tells the user that the driver software can be trusted.

Microsoft said that it had seen no evidence that the infrastructure behind its WHCP signing certificate has been compromised. It also said that the threat actor’s activity was limited to the gaming sector, and specifically to China. It did not target enterprise users. “The malware enables them to gain an advantage in games and possibly exploit other players by compromising their accounts through common tools like keyloggers,” the company said in a blog post.

The Windows maker is working with third parties to provide a patch for the malware, and said it would ship the update as soon as the publisher issues the patch. Windows Defender, which is Windows’ built-in security tool, will also block the affected versions of the driver in order to stop users from downloading more copies of it.


Prasid Banerjee

An engineering dropout, Prasid Banerjee has reported on technology in India for various publications. He reports on technology through text and audio, focusing on its core aspects, like consumer impact, policy and the future.