Microsoft knew that Windows 11-10 drivers from WHQL were malware

Earlier today, Microsoft released new updates via Patch Tuesday for Windows 10 (KB5028166) and Windows 11 (KB5028185). The company separately announced new Dynamic SafeOS updates intended to strengthen security measures in place against Secure Boot vulnerabilities.

Along with the changes made to Secure Boot DBX, Microsoft also added several malicious drivers to the Windows Driver.STL revocation list. Microsoft was notified of these drivers by security companies Cisco Talos, Sophos and Trend Micro.driver

In a special safety publication ADV230001, Microsoft explains the issue (CVE-2023-32046) was the result of maliciously signed WHQL drivers:

Microsoft has recently been notified that drivers certified by Microsoft's Windows Hardware Developer Program (MWHDP) are being used maliciously. In these attacks, the attacker can gain administrative privileges on the compromised systems.

Microsoft requires signing for kernel mode drivers using the WHDP program. However, as has been the case in the past, certification is not a foolproof method. Cisco Talos reported that hackers use various signature forgery utilities such as HookSignTool to bypass WHCP measures. The Best Technology Site in Greecefgns

Subscribe to Blog by Email

Subscribe to this blog and receive notifications of new posts by email.

drivers, malware

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).