Microsoft admits to signing Chinese rootkit kernel driver

Reading time icon 2 min. read


Readers help support MSPoweruser. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help MSPoweruser effortlessly and without spending any money. Read more

Microsoft is currently in the process of forcing all Windows 11 users to move to PCs that support TPM 2.0, with the hope that the cryptographic security this provides will make malware a thing of the past.

That is all for nought however if Microsoft themselves officially sign malware, thereby giving them free rein of their operating system.

Microsoft has admitted to signing the Netfilter rootkit, a malicious kernel driver which is being distributed with Chinese games and which communicates with Chinese Command and Control servers.

It appears the company defeated Microsoft’s security simply by following normal procedures, and submitting the driver as any normal company would.

“Microsoft is investigating a malicious actor distributing malicious drivers within gaming environments,” Microsoft notes. “The actor submitted drivers for certification through the Windows Hardware Compatibility Program. The drivers were built by a third party.”

“We have suspended the account and reviewed their submissions for additional signs of malware,” said Microsoft yesterday.

The driver communicates with Chinese servers which are suspected to be under Chinese military control and has the ability to update itself, meaning hackers can run arbitrary code on your PC in the security context of your kernel.

Microsoft is still investigating the issue, and has not attributed the exploit of Microsoft’s procedures to a state actor yet, but the issue does rather make a joke of Microsoft’s security via cryptography agenda.

Read more detail at BleepingComputer here.

More about the topics: microsoft, security