Microsoft releases driver updates to give users the best experience. Before releasing a driver, Microsoft tests it. If the driver passes, Microsoft assigns it a digital certificate. Once it has that certificate, the driver is installed by default on users' computers. Recently, Microsoft signed a new driver called Netfilter. It is a third-party driver that contains rootkit malware. This rootkit malware is circulating in the gaming community. The driver passed through the Windows Hardware Compatibility Program (WHCP), giving control of various servers in China.
There is no official word from Microsoft about its signing process. The company is investigating how this driver was signed, and it is also refining its signing process and validating its partner access policies. Some security experts say that hackers may have stolen the certificate. The Microsoft team has confirmed that it has not found any evidence that the certificate was stolen. Some security experts also say that it may be the work of state-sponsored hackers, but the Microsoft team does not agree with this.
Ningbo Zhuo Zhi Innovation Network Technology developed this driver. The company is working with Microsoft to find security holes in the driver, and for this reason they are also investigating the affected hardware. According to them, clean drivers will be provided to users through Windows Update. The Microsoft team also says that this driver has limited impact. The main targets of the rootkit malware were gamers, so enterprise users need not worry about it. Moreover, this malware requires administrator-level access to have any negative impact on the system.
Microsoft is trying to reassure its users. Even so, the incident is unsettling for them, and they are raising questions about the security of this driver. Microsoft users usually receive notifications about new drivers. Now they are hesitant to install them, because they think these new drivers may also contain rootkit malware. They are even questioning the authenticity of drivers that come directly from the manufacturers. To satisfy its users, Microsoft has to give a clear statement.
Eavesdropping on SSL Connections:
Karsten Hahn is a security researcher at the firm G Data. The company's malware detection system flagged the Netfilter driver. Initially, he thought the alert was a false positive. The driver carried a Microsoft signature, which was the reason he suspected a false positive. He therefore decided to test it further with the security team. Further testing showed that the warning was not a false positive.
A reverse engineer has written on Twitter that the driver's core functionality is similar to eavesdropping on SSL connections. Along with the IP redirecting component, it also installs a root certificate in the registry, so the malware cannot be seen in file directories, task monitors, and so on. The Windows trusted certificate authority issued the certificates. If hackers have succeeded in getting this certificate signed, they can easily bypass the CA requirements.
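One defensive check for the behavior described above, a driver adding a root certificate through the registry, is to baseline the machine's Trusted Root store and report certificates that appear later. This is an added example, not code from the original article, Microsoft or G Data; the baseline path is a hypothetical placeholder.

```powershell
# Added example: baseline-and-diff audit of the machine Trusted Root store.
# $BaselinePath is a hypothetical location; keep it somewhere write-protected.
$BaselinePath = 'C:\SecurityBaselines\root-store-baseline.csv'
# Physical registry location of locally installed machine root certificates.
$RegistryRoot = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates'

# Snapshot the current Trusted Root Certification Authorities store.
$current = @(Get-ChildItem -Path Cert:\LocalMachine\Root |
    Select-Object Thumbprint, Subject, Issuer, NotBefore, NotAfter)

if (-not (Test-Path -Path $BaselinePath)) {
    # First run on a known-good machine: record the baseline and stop.
    $dir = Split-Path -Path $BaselinePath -Parent
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation
    Write-Output "Baseline written: $($current.Count) root certificates."
}
else {
    $known = @{}
    foreach ($row in (Import-Csv -Path $BaselinePath)) { $known[$row.Thumbprint] = $row }

    # Roots present now but absent from the baseline need review.
    $added = @($current | Where-Object { -not $known.ContainsKey($_.Thumbprint) })
    foreach ($cert in $added) {
        [pscustomobject]@{
            Thumbprint      = $cert.Thumbprint
            Subject         = $cert.Subject
            NotBefore       = $cert.NotBefore
            # True when the certificate sits in the local registry store
            # rather than another physical store such as Group Policy.
            InLocalRegistry = Test-Path -Path (Join-Path $RegistryRoot $cert.Thumbprint)
        }
    }

    # Roots that disappeared are counted too, since trust can change both ways.
    $now = @{}
    foreach ($cert in $current) { $now[$cert.Thumbprint] = $true }
    $removed = @($known.Keys | Where-Object { -not $now.ContainsKey($_) })

    Write-Output "Added: $($added.Count)  Removed: $($removed.Count)"
}
```

Run it once on a known-good machine to create the baseline, then on a schedule; any row it emits is a root certificate that was trusted after the baseline was taken.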
Serious Security Lapse:
After the rootkit malware was detected in the new driver, Microsoft wrote a detailed post about it. According to Microsoft, it is investigating this malicious actor. The reason is that this actor is distributing malware within gaming environments.
The actor is distributing the drivers through the WHCP, and Microsoft signed this driver, which was built by a third party. According to Microsoft, it has suspended the account and is also reviewing the account's additional drivers. Microsoft says it has not found signs of vulnerabilities in the signing infrastructure of this software. Therefore, users don't need to worry about driver updates.
Dangers of Rootkit Malware:
Rootkit malware is one of the most effective forms of malware, and it manipulated a vulnerability at Microsoft to gain an advantage. People still have trouble dealing with rootkit malware, and its dangers are serious. For example, it remains hidden on the PC, and while hidden it provides remote access to the hackers. Organizations that want to protect themselves from these dangers should focus on their security.
How to Protect Against Rootkit Malware?
No doubt, most Microsoft users have updated this driver. That is why this malware can create problems for them. If you want to protect your systems against rootkit malware, you should follow some essential tips.
First, carry out IT inductions, meaning that employees go through an IT induction before joining the organization. Second, install all updates. Installing these updates protects your system against these vulnerabilities. Finally, work with anti-malware software. With anti-malware software, you can easily identify malicious websites.
Conclusion:
If you use the internet, you are well aware of Microsoft. It offers the best IT solutions to its users. To keep users secure, it releases new driver updates, and systems install these drivers automatically. Recently, Microsoft released a new driver, Netfilter. It is the product of a third party, but Microsoft gave it a certificate. Security experts have said that this driver contains rootkit malware. As a result, the rootkit malware is infecting gaming systems. Microsoft has noticed this malware and is looking for its root cause.
About Author: Tyler Archer is a renowned academic writer who writes mostly about assignment writing services, PhD dissertation help, and essay writing services in the UK.