Are Preventive Measures Taken by Microsoft Really Safe?


Microsoft has recently announced that it has suspended several third-party developer accounts that submitted malicious Windows drivers for Microsoft to digitally sign, so that the code could be used in cyberattacks. In tandem with its Patch Tuesday rollout this week, the tech giant also revoked the certificates used to sign the bad drivers and promised to put in place measures to stop the malicious code from being loaded on organizations' systems.

These preventive measures come after researchers at Google-owned Mandiant, SentinelOne, and Sophos informed Microsoft in October that multiple cybercrime gangs were using malicious, third-party-developed, Microsoft-signed kernel-mode hardware drivers to help spread ransomware. The crews created developer accounts with Microsoft and used them to submit malicious drivers to the software goliath's Windows Hardware Developer Program. Once Microsoft was hoodwinked into digitally signing the drivers, signalling that the code was legitimate, the operating system would trust the software. So once the miscreants had compromised a victim's Windows PC and gained admin access, they could load the drivers and use them to do privileged things, such as disabling antivirus and security tools, fully compromising the device and possibly the whole network.

According to Microsoft's advisory this week about the whole mess, the mega-biz was informed by the cybersecurity firms that Redmond-approved drivers were being used by various miscreants to hit organizations with ransomware. "In these attacks, the attacker had already gained administrative privileges on compromised systems prior to the use of the drivers," Microsoft commented, adding that its "investigation revealed that several developer accounts for the Microsoft Partner Center were engaged in submitting malicious drivers to obtain a Microsoft signature."

The tech giant stressed that there had been no compromise of its own network or systems; this was a case of rogue developers submitting bad drivers, waiting for Microsoft to wrongly approve them, and then using the code in the wild against victims, it said. Microsoft has now frozen those developer accounts and taken steps to prevent the drivers from being deployed against any other targets.
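The point of the revocation is that a driver signed through the Windows Hardware Developer Program carries a Microsoft signature, so the signer name alone tells a defender nothing; what changes after Patch Tuesday is that the signature chain no longer verifies once the certificate is revoked. The PowerShell below is an added example (not code from the article, Microsoft, or any of the research firms) that inventories the kernel-mode drivers currently loaded on a Windows host and reports every one whose Authenticode signature does not verify. It assumes that Win32_SystemDriver exposes each running driver's on-disk path and that Get-AuthenticodeSignature, which performs revocation checking through WinVerifyTrust, reports a status other than Valid for a driver whose signing certificate has been revoked; the function names are the author's.

```powershell
# Added example: report loaded Windows drivers whose signature does not verify.
# Run from an elevated PowerShell session on the host being checked.
# Assumption: Get-AuthenticodeSignature surfaces a revoked signing certificate
# as a non-'Valid' Status with an explanatory StatusMessage.

function Resolve-DriverPath {
    # Win32_SystemDriver reports paths in kernel form ("\SystemRoot\...",
    # "\??\C:\...", or a bare "System32\..."); map them to Win32 paths.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    if ($p -like '\??\*')         { $p = $p.Substring(4) }                         # "\??\" prefix
    if ($p -like '\SystemRoot\*') { $p = Join-Path $env:SystemRoot $p.Substring(12) } # "\SystemRoot\" prefix
    elseif ($p -like 'System32\*' -or $p -like 'system32\*') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-LoadedDriverSignatureReport {
    [CmdletBinding()]
    param([switch]$OnlyProblems)   # emit only drivers whose signature is not Valid

    $drivers = Get-CimInstance -ClassName Win32_SystemDriver -Filter "State = 'Running'"
    foreach ($d in $drivers) {
        $path = Resolve-DriverPath $d.PathName
        if (-not $path -or -not (Test-Path -LiteralPath $path)) {
            # A running driver with no image on disk is itself worth a look.
            [pscustomobject]@{
                Service = $d.Name
                Path    = $d.PathName
                Status  = 'FileNotFound'
                Signer  = $null
                Message = 'Driver image not found on disk'
            }
            continue
        }
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        $row = [pscustomobject]@{
            Service = $d.Name
            Path    = $path
            Status  = [string]$sig.Status    # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
            Signer  = $signer
            Message = $sig.StatusMessage     # e.g. the reason a chain failed to verify
        }
        if (-not $OnlyProblems -or $row.Status -ne 'Valid') { $row }
    }
}

# Usage: show every running driver whose signature is missing, broken, untrusted
# or revoked, and keep the full inventory for comparison against a known-good host.
Get-LoadedDriverSignatureReport -OnlyProblems | Format-Table -AutoSize
Get-LoadedDriverSignatureReport | Export-Csv -NoTypeInformation -Path "$env:TEMP\driver-signatures.csv"
```

Two caveats apply. A revoked certificate only shows up if the host can evaluate revocation, so an offline machine or a stale CRL cache can still report Valid; treat the report as a lead to investigate, not as proof the driver is clean. And because the drivers in this incident were legitimately signed through Microsoft's program, a Microsoft signer name on a driver you do not recognise is not reassurance by itself; compare the inventory against a baseline from a trusted build of the same image.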




Analytics Insight
www.analyticsinsight.net