Malware has been found in more than 100 signed Windows drivers


The latest security updates for Windows (and other Microsoft products) ship with a warning from Microsoft about a driver-related issue.

Researchers at Sophos, Trend Micro and Cisco have reported to Microsoft that malware was found in hundreds of signed Windows drivers. The drivers in question, reported from February 2023 onward, had been duly certified through Microsoft's Windows Hardware Developer Program.

Specifically, Sophos counted 133 cases, most of them drivers certified by Microsoft, with reports coming in from several sources. According to Sophos, some of the drivers and certificates date back to April 2021.

Microsoft took immediate action, blocking the malicious drivers and identifying the accounts responsible. The drivers have been added to the Windows Driver.STL revocation list, which prevents the operating system from loading them.

On workstations as well as on servers, system administrators are advised to update both the operating system and any third-party security software, so that malicious activity tied to these drivers can be detected.

Potentially dangerous signed Windows drivers: here's what the experts discovered

According to Microsoft's notice, other services of the Redmond giant, including Microsoft 365 and Xbox, are not affected by the issue.

Since Windows 10, version 1607, Microsoft has required kernel-mode drivers to carry a valid digital signature. Windows systems with Secure Boot enabled load only drivers that are digitally signed and refuse to load any driver that is not. This is what makes the case serious: because the malicious drivers carried a legitimate Microsoft signature, the signing policy itself did not stop them, which is why revocation was needed.

Sophos notes that many of the digital certificates appear to be of Chinese origin, judging by the names of the companies associated with them.


Sophos researchers identified two main types of driver. Some fell into the category of "endpoint protection killers", similar to a case Sophos investigated in 2022. Others had rootkit-like functionality and were designed to run silently in the background.

All malicious drivers that Sophos reported to Microsoft had been revoked by Microsoft as of July 11, 2023. Microsoft Defender with signature version 1.391.3822.0 or newer, i.e. the built-in security tool, can detect the compromised and malicious drivers.
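For administrators who want to verify the points above on their own hosts (Defender signature level, the driver blocklist, which running kernel drivers are third-party signed, and what Code Integrity has refused to load), here is an added triage script. It is not from the article, Microsoft or Sophos. It assumes an elevated Windows PowerShell 5.1 or PowerShell 7 session on Windows 10/11 with Microsoft Defender; the hypothetical `$iocFile` is an analyst-supplied list of SHA-256 hashes (one per line) and `$reportPath` is an arbitrary output location. The version 1.391.3822.0 is the Defender build quoted in the article; the certificate subject strings are the ones Microsoft uses on in-box and WHCP-signed binaries.

```powershell
#Requires -RunAsAdministrator
# Added triage script (not from the article or any vendor). Assumptions: elevated Windows
# PowerShell 5.1 or PowerShell 7 on Windows 10/11 with Microsoft Defender; $iocFile is a
# hypothetical analyst-supplied list of SHA-256 hashes (one per line), $reportPath an
# arbitrary output location. 1.391.3822.0 is the Defender version quoted in the article.
$iocFile    = "$env:USERPROFILE\driver-iocs.txt"
$reportPath = "$env:TEMP\driver-triage.csv"

# 1. Defender signature package: must be 1.391.3822.0 or newer to detect the revoked drivers.
$minSig = [version]'1.391.3822.0'
$curSig = [version](Get-MpComputerStatus).AntivirusSignatureVersion
if ($curSig -lt $minSig) {
    Write-Warning "Defender signatures $curSig are older than $minSig; run Update-MpSignature"
} else {
    Write-Host "Defender signatures $curSig satisfy the $minSig minimum"
}

# 2. Microsoft's vulnerable-driver blocklist (HVCI / Smart App Control hosts) should be on.
#    The value is absent on older builds, where the blocklist is not available at all.
$ci = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' -ErrorAction SilentlyContinue
if ($ci.VulnerableDriverBlocklistEnable -eq 1) { Write-Host 'Vulnerable driver blocklist: enabled' }
else { Write-Warning 'Vulnerable driver blocklist: disabled or not available on this build' }

# 3. Inventory running kernel drivers: who signed each binary, and does its hash match an IOC?
function Resolve-DriverPath([string]$p) {
    # Win32_SystemDriver.PathName uses NT-style prefixes; normalise them to a Win32 path.
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    $p = $p -replace '^system32\\', "$env:SystemRoot\system32\"
    return $p
}

$iocs = @{}
if (Test-Path $iocFile) {
    Get-Content $iocFile | ForEach-Object { if ($_.Trim()) { $iocs[$_.Trim().ToUpper()] = $true } }
}

$rows = Get-CimInstance Win32_SystemDriver | Where-Object State -eq 'Running' | ForEach-Object {
    $path = Resolve-DriverPath $_.PathName
    if (-not (Test-Path $path)) { return }
    $auth   = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($auth.SignerCertificate) { $auth.SignerCertificate.Subject } else { '' }
    # Get-AuthenticodeSignature reports only the primary signature; a dual-signed driver
    # may show the vendor certificate here with Microsoft's WHCP signature nested inside.
    $class = switch -Regex ($signer) {
        'CN=Microsoft Windows,'                    { 'Inbox';  break }
        'Windows Hardware Compatibility Publisher' { 'WHCP';   break }
        '^$'                                       { 'None';   break }
        default                                    { 'Vendor' }
    }
    $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
    [pscustomobject]@{
        Name   = $_.Name
        Path   = $path
        Status = $auth.Status        # Valid, NotSigned, HashMismatch, ...
        Class  = $class
        Signer = $signer
        Sha256 = $hash
        IocHit = $iocs.ContainsKey($hash)
    }
}

$rows | Export-Csv -Path $reportPath -NoTypeInformation
# Surface what deserves a look first: IOC matches, anything not validly signed, and
# third-party drivers (the WHCP-signed class is the one the advisory is about).
$rows | Where-Object { $_.IocHit -or $_.Status -ne 'Valid' -or $_.Class -in 'WHCP','Vendor' } |
    Sort-Object IocHit, Status, Class -Descending |
    Format-Table Name, Class, Status, IocHit, Path -AutoSize
Write-Host "Full inventory written to $reportPath"

# 4. Code Integrity, not Get-AuthenticodeSignature, enforces the Driver.STL revocation list,
#    so also review recent CI warnings and errors for drivers it refused to load.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Level = 2, 3 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-Table -Wrap
```

Two caveats when reading the output. A `Valid` status from `Get-AuthenticodeSignature` does not mean the driver is trusted by the kernel: the revocation list is consulted by Code Integrity at load time, which is why step 4 is included. And the `Vendor`/`WHCP` classes are a review queue, not a verdict; the advisory concerns a small set of drivers among many legitimately signed ones, so the hash comparison against a vendor-published IOC list is the decisive check.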
