To assure users that software is safe, operating system developers generally rely on code signatures as proof. Recent events at Microsoft may inadvertently damage users' confidence in this method. BleepingComputer reports that Microsoft has confirmed it certified the third-party driver Netfilter. Network security researcher Karsten Hahn discovered a few days ago that Netfilter was hiding a rootkit, malware that was circulating in the gaming community and connected to a command-and-control server located in China. Even so, the driver is still recognized by the Windows Hardware Compatibility Program.
At this stage, it is still not clear how the rootkit passed Microsoft's signing certification. Microsoft said that the post-incident investigation will help improve its signing certification, partner policy and authentication system. No evidence has been found that the malware's author stole any certificates, and Microsoft does not believe that a nation-state is behind the incident.
The developer of Netfilter, Ningbo Zhuozhi Innovative Network Technology, is working with Microsoft to investigate and fix the security issues caused by the incident, including on the affected hardware. Users will get clean drivers through Windows Update.
Microsoft claims that the malware has limited impact because it was originally developed for gamers and has not been found to affect business users. According to its explanation, the rootkit only affects users who have installed Netfilter, and installing this driver requires administrator rights. In other words, if you don't have Netfilter installed, you don't have to worry about being attacked by this malware.
Although Microsoft has repeatedly emphasized that the incident will not have a great impact on users, from the users' standpoint, programs certified by Microsoft should be trustworthy. After the incident, users may begin to have reservations about security even when a driver or piece of software is officially provided. In this incident, malware obtained Microsoft's certification by following the normal procedure, without needing any subterfuge, which has tarnished the reputation of this seal of trust.