Microsoft signed a driver loaded with rootkit malware

Operating system creators offer code signing to help you steer clear of hostile software, but Microsoft may have inadvertently broken the trust that signing is meant to create. BleepingComputer says Microsoft has confirmed that it signed Netfilter, a third-party driver for Windows containing rootkit malware that circulated in the gaming community. It passed through the Windows Hardware Compatibility Program (WHCP) despite connecting to malware command-and-control servers in China, as security researcher Karsten Hahn found days earlier.

It’s not clear how the rootkit made it through Microsoft’s certificate signing process, although the company said it was investigating what happened and would be “refining” the signing process, partner access policies and validation. There’s no evidence the malware writers stole certificates, and Microsoft didn’t believe this was the work of state-sponsored hackers.

The driver maker, Ningbo Zhuo Zhi Innovation Network Technology, was working with Microsoft to study and patch any known security holes, including for affected hardware. Users will get clean drivers through Windows Update.

Microsoft said the rogue driver had a limited impact. It was aimed at gamers, and isn’t known to have compromised enterprise users. Also, the rootkit only works “post exploitation,” according to Microsoft — you need to have already obtained administrator-level access on a PC to install the driver. Netfilter shouldn’t pose a threat unless you go out of your way to load it, in other words.

Even so, the incident isn’t entirely comforting. Many people see a signed driver as confirming that a driver or program is safe. Those users might be hesitant to install new drivers in a timely fashion if they’re worried there might be malware, even if those drivers come straight from the manufacturer.

About the author


Janice Tilson