• 133 Windows drivers with valid Microsoft signatures found crawling with

    From Char Jackson@21:1/5 to All on Thu Jul 13 21:38:17 2023
    XPost: alt.comp.os.windows-11

    133 Windows drivers with valid Microsoft signatures found crawling with
    malware <https://www.pcworld.com/article/1991875/caution-malware-in-133-windows-drivers-this-is-how-microsoft-reacts.html>

    Malware is found in over 100 drivers for Windows, despite valid
    signatures. Microsoft reacts and suspends the licences of many
    developers.

    People who keep their computers up to date and regularly install the
    updates offered for Windows hope to have a secure PC. But it has now
    become known that 133 drivers officially signed by Microsoft contain
    malware. It’s a particularly dangerous problem because these drivers are
    loaded and installed by the operating system without prompting.

    Malware with a certificate of authenticity?

    Microsoft has apparently been familiar with the problem for a while and
    reacted as part of the most recent monthly Windows update. The 133
    affected drivers were blocked and the accounts of the respective
    developers were locked. But how could it ever come to this, that
    officially released drivers contain malware?

    Stolen certificates

    According to Microsoft, all drivers had a valid signature. This allowed
    them to secure administrator rights. This would have made it possible to monitor compromised systems at any time. The drivers would have come
    from different Microsoft partners, and the discovered accounts have now
    been suspended. The developer certificates used to sign the
    malware-infused drivers were apparently stolen by the software
    manufacturers and sold over the internet.

    Offline scan recommended

    Since Windows has been able to detect malicious drivers on its own since
    March 2023, Microsoft recommends regularly updating Windows Defender and
    also applying Windows updates. To detect potentially malicious drivers
    that may have been installed before March 2, 2023, an offline scan of
    the system is also recommended. The bad drivers are now automatically
    collected in a revocation list integrated in Windows, including numerous drivers with certificates from China.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
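The check that the article's "Offline scan recommended" section points to, as an added example that is not part of the original post or the PCWorld article: a PowerShell inventory of kernel drivers whose file predates March 2, 2023, followed by the Defender definition update and the offline scan. The `Resolve-DriverPath` helper and the use of file creation time as a stand-in for install time are assumptions of this example.

```powershell
# Added example, not from the thread. Run in an elevated Windows PowerShell session.
# Assumption: file creation time approximates when the driver was installed
# (timestamps can be altered, so treat the list as triage input only).
$cutoff = [datetime]'2023-03-02'

function Resolve-DriverPath {               # hypothetical helper for this example
    param([string]$PathName)
    # Driver image paths appear as \??\C:\..., \SystemRoot\..., or System32\...
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$report = Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.PathName } |
    ForEach-Object {
        $path = Resolve-DriverPath $_.PathName
        if (-not (Test-Path -LiteralPath $path)) { return }   # skip missing files
        $file = Get-Item -LiteralPath $path
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        [pscustomobject]@{
            Name    = $_.Name
            State   = $_.State
            Created = $file.CreationTime
            Status  = $sig.Status
            Signer  = $sig.SignerCertificate.Subject
            Path    = $path
        }
    }

# Drivers already on disk before the cutoff. A 'Valid' status does not clear a
# driver: the drivers in the article all carried valid signatures.
$old = $report | Where-Object { $_.Created -lt $cutoff } | Sort-Object Signer, Name
$old | Format-Table Name, State, Created, Status, Signer -AutoSize

# Anything without a valid signature deserves a closer look regardless of date.
$report | Where-Object Status -ne 'Valid' | Format-List Name, Status, Path

# Refresh Defender definitions and confirm the engine is actually running.
Update-MpSignature
Get-MpComputerStatus |
    Select-Object AntivirusEnabled, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated

# Start-MpWDOScan   # restarts the machine into Microsoft Defender Offline; run deliberately
```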
  • From josh allen@21:1/5 to Char Jackson on Mon Jul 17 18:06:39 2023
    XPost: alt.comp.os.windows-11

    On 7/13/2023 10:38 PM, Char Jackson wrote:

    133 Windows drivers with valid Microsoft signatures found crawling with malware <https://www.pcworld.com/article/1991875/caution-malware-in-133-windows-drivers-this-is-how-microsoft-reacts.html>

    Malware is found in over 100 drivers for Windows, despite valid
    signatures. Microsoft reacts and suspends the licences of many
    developers.

    People who keep their computers up to date and regularly install the
    updates offered for Windows hope to have a secure PC. But it has now
    become known that 133 drivers officially signed by Microsoft contain
    malware. It’s a particularly dangerous problem because these drivers are loaded and installed by the operating system without prompting.

    Malware with a certificate of authenticity?

    Microsoft has apparently been familiar with the problem for a while and reacted as part of the most recent monthly Windows update. The 133
    affected drivers were blocked and the accounts of the respective
    developers were locked. But how could it ever come to this, that
    officially released drivers contain malware?

    Stolen certificates

    According to Microsoft, all drivers had a valid signature. This allowed
    them to secure administrator rights. This would have made it possible to monitor compromised systems at any time. The drivers would have come
    from different Microsoft partners, and the discovered accounts have now
    been suspended. The developer certificates used to sign the
    malware-infused drivers were apparently stolen by the software
    manufacturers and sold over the internet.

    Offline scan recommended

    Since Windows has been able to detect malicious drivers on its own since March 2023, Microsoft recommends regularly updating Windows Defender and
    also applying Windows updates. To detect potentially malicious drivers
    that may have been installed before March 2, 2023, an offline scan of
    the system is also recommended. The bad drivers are now automatically collected in a revocation list integrated in Windows, including numerous drivers with certificates from China.


    Well, you can't trust certificates these days, damn. Better off compiling
    these drivers from source, but then Microsoft has a near monopoly of
    desktop computers because Windows has great driver support.

  • From Paul@21:1/5 to Mr. Man-wai Chang on Thu Jul 20 06:01:43 2023
    XPost: alt.comp.os.windows-11

    On 7/20/2023 5:26 AM, Mr. Man-wai Chang wrote:
    On 7/14/2023 10:38 AM, Char Jackson wrote:

    133 Windows drivers with valid Microsoft signatures found crawling with
    malware
    <https://www.pcworld.com/article/1991875/caution-malware-in-133-windows-drivers-this-is-how-microsoft-reacts.html>

    I guess all drivers should be open-sourced, and licensed by governments?

    Without source codes, not even governments can manage them!!! ;)

    Any mechanism that is better-designed than the current one,
    would be a start.

    Paul

  • From Mr. Man-wai Chang@21:1/5 to Char Jackson on Thu Jul 20 17:26:18 2023
    XPost: alt.comp.os.windows-11

    On 7/14/2023 10:38 AM, Char Jackson wrote:

    133 Windows drivers with valid Microsoft signatures found crawling with malware <https://www.pcworld.com/article/1991875/caution-malware-in-133-windows-drivers-this-is-how-microsoft-reacts.html>

    I guess all drivers should be open-sourced, and licensed by governments?

    Without source codes, not even governments can manage them!!! ;)

  • From Frank Slootweg@21:1/5 to All on Thu Aug 10 14:02:13 2023
    XPost: alt.comp.os.windows-11

    On July 14, Char Jackson <none@none.invalid> referenced/quoted PCWorld:

    133 Windows drivers with valid Microsoft signatures found crawling with malware <https://www.pcworld.com/article/1991875/caution-malware-in-133-windows-drivers-this-is-how-microsoft-reacts.html>

    Malware is found in over 100 drivers for Windows, despite valid
    signatures. Microsoft reacts and suspends the licences of many
    developers.

    People who keep their computers up to date and regularly install the
    updates offered for Windows hope to have a secure PC. But it has now
    become known that 133 drivers officially signed by Microsoft contain
    malware. It’s a particularly dangerous problem because these drivers are loaded and installed by the operating system without prompting.

    Malware with a certificate of authenticity?

    Microsoft has apparently been familiar with the problem for a while and reacted as part of the most recent monthly Windows update. The 133
    affected drivers were blocked and the accounts of the respective
    developers were locked. But how could it ever come to this, that
    officially released drivers contain malware?

    Stolen certificates

    According to Microsoft, all drivers had a valid signature. This allowed
    them to secure administrator rights. This would have made it possible to monitor compromised systems at any time. The drivers would have come
    from different Microsoft partners, and the discovered accounts have now
    been suspended. The developer certificates used to sign the
    malware-infused drivers were apparently stolen by the software
    manufacturers and sold over the internet.

    Offline scan recommended

    Since Windows has been able to detect malicious drivers on its own since March 2023, Microsoft recommends regularly updating Windows Defender and
    also applying Windows updates. To detect potentially malicious drivers
    that may have been installed before March 2, 2023, an offline scan of
    the system is also recommended. The bad drivers are now automatically collected in a revocation list integrated in Windows, including numerous drivers with certificates from China.

    Since nearly a month has passed:

    Did anybody do an (Microsoft Defender Antivirus) offline scan? If so,
    what were the results?

    Should we do an offline scan, or are things under control after the
    mentioned Windows Update update and ongoing Microsoft Defender (not
    'Windows Defender') updates?

    N.B. I did an offline scan, because on my (Windows 11) system, the
    'Security providers' page of Windows Security for some reason showed 'No providers' for both 'Antivirus' and 'Firewall', instead of 'Microsoft
    Defender Antivirus' and 'Windows Firewall'.

    I tried to fix this with the tips from some Google searches, but the simple/sane things (services, etc.) did not help and I did not want to
    do the drastic things (sfc, dism, System Restore, system Reset, etc.).

    I noted that a Quick/Full/Customised scan did not even start, so I
    tried an offline scan. That worked (without errors). 'Security
    providers' still said 'No providers', but now a Quick scan worked
    (without errors). After the Quick scan, 'Security providers' correctly
    reported 'Microsoft Defender Antivirus is turned on.' and 'Windows
    Firewall is turned on.'. So all was back to normal.

  • From Paul@21:1/5 to Frank Slootweg on Thu Aug 10 16:13:10 2023
    XPost: alt.comp.os.windows-11

    On 8/10/2023 10:02 AM, Frank Slootweg wrote:
    On July 14, Char Jackson <none@none.invalid> referenced/quoted PCWorld:

    133 Windows drivers with valid Microsoft signatures found crawling with
    malware
    <https://www.pcworld.com/article/1991875/caution-malware-in-133-windows-drivers-this-is-how-microsoft-reacts.html>

    Malware is found in over 100 drivers for Windows, despite valid
    signatures. Microsoft reacts and suspends the licences of many
    developers.

    People who keep their computers up to date and regularly install the
    updates offered for Windows hope to have a secure PC. But it has now
    become known that 133 drivers officially signed by Microsoft contain
    malware. It’s a particularly dangerous problem because these drivers are
    loaded and installed by the operating system without prompting.

    Malware with a certificate of authenticity?

    Microsoft has apparently been familiar with the problem for a while and
    reacted as part of the most recent monthly Windows update. The 133
    affected drivers were blocked and the accounts of the respective
    developers were locked. But how could it ever come to this, that
    officially released drivers contain malware?

    Stolen certificates

    According to Microsoft, all drivers had a valid signature. This allowed
    them to secure administrator rights. This would have made it possible to
    monitor compromised systems at any time. The drivers would have come
    from different Microsoft partners, and the discovered accounts have now
    been suspended. The developer certificates used to sign the
    malware-infused drivers were apparently stolen by the software
    manufacturers and sold over the internet.

    Offline scan recommended

    Since Windows has been able to detect malicious drivers on its own since
    March 2023, Microsoft recommends regularly updating Windows Defender and
    also applying Windows updates. To detect potentially malicious drivers
    that may have been installed before March 2, 2023, an offline scan of
    the system is also recommended. The bad drivers are now automatically
    collected in a revocation list integrated in Windows, including numerous
    drivers with certificates from China.

    Since nearly a month has passed:

    Did anybody do an (Microsoft Defender Antivirus) offline scan? If so,
    what were the results?

    Should we do an offline scan, or are things under control after the mentioned Windows Update update and ongoing Microsoft Defender (not
    'Windows Defender') updates?

    N.B. I did an offline scan, because on my (Windows 11) system, the 'Security providers' page of Windows Security for some reason showed 'No providers' for both 'Antivirus' and 'Firewall', instead of 'Microsoft Defender Antivirus' and 'Windows Firewall'.

    I tried to fix this with the tips from some Google searches, but the simple/sane things (services, etc.) did not help and I did not want to
    do the drastic things (sfc, dism, System Restore, system Reset, etc.).

    I noted that a Quick/Full/Customised scan did not even start, so I
    tried an offline scan. That worked (without errors). 'Security
    providers' still said 'No providers', but now a Quick scan worked
    (without errors). After the Quick scan, 'Security providers' correctly reported 'Microsoft Defender Antivirus is turned on.' and 'Windows
    Firewall is turned on.'. So all was back to normal.


    Yes, that's "normal" for Microsoft Defender.

    It's late for work some mornings, and it blames
    the lousy public transit for being tardy. Sometimes,
    it's found asleep at its desk. And it takes more than
    a half-hour for lunch.

    I have seen all sorts of behaviors, including the Real Time Protection
    slider being in the OFF position, and when you move it to the ON position,
    it snaps back to OFF. Humorous stuff. It specializes in stunts like that.

    Who knows what goes on, during an Offline Scan. Does it repair stuff ?
    Let me check the Technical Note page for the product. Oh.

    Paul
