Microsoft admits to signing Chinese rootkit kernel driver

Microsoft is currently in the process of forcing all Windows 11 users to move to PCs that support TPM 2.0, with the hope that the cryptographic security this provides will make malware a thing of the past.

That is all for nought however if Microsoft themselves officially sign malware, thereby giving them free rein of their operating system.

Microsoft has admitted to signing the Netfilter rootkit, a malicious kernel driver which is being distributed with Chinese games and which communicates with Chinese Command and Control servers.

It appears the company defeated Microsoft’s security simply by following normal procedures, and submitting the driver as any normal company would.

“Microsoft is investigating a malicious actor distributing malicious drivers within gaming environments,” Microsoft notes. “The actor submitted drivers for certification through the Windows Hardware Compatibility Program. The drivers were built by a third party.”

“We have suspended the account and reviewed their submissions for additional signs of malware,” said Microsoft yesterday.

The driver communicates with Chinese servers which are suspected to be under Chinese military control and has the ability to update itself, meaning hackers can run arbitrary code on your PC in the security context of your kernel.

Microsoft is still investigating the issue, and has not attributed the exploit of Microsoft’s procedures to a state actor yet, but the issue does rather make a joke of Microsoft’s security via cryptography agenda.

Read more detail at BleepingComputer here.