What does it mean when a company like Apple stops signing older versions of its software? Code signing is the mechanism a publisher uses to vouch for a piece of software: a cryptographic signature ties the file to the publisher's certificate, so the operating system can check that the file came from that publisher and has not been modified since it was signed. What a signature does not do is prove that the code is safe. It only says that whoever controlled the signing key approved it.
Sadly for Microsoft, it appears the company signed a driver that was carrying rootkit malware. According to a report from BleepingComputer, Microsoft signed Netfilter, a third-party Windows driver that contained malware and was being circulated in the gaming community. With a Microsoft signature on it, Windows would load the driver like any other approved kernel driver.
Microsoft acknowledged the issue and said it had a limited impact. “We have seen no evidence that the WHCP signing certificate was exposed. The infrastructure was not compromised. In alignment with our Zero Trust and layered defenses security posture, we have built-in detection and blocking of this driver and associated files through Microsoft Defender for Endpoint. We are also sharing these detections with other AV security vendors so they can proactively deploy detections.”
Some point out that, even if the impact turns out to be limited and nothing bad has happened yet, the fact that malicious code made it through Microsoft's signing process is concerning. A signature proves only who signed a file and that it has not changed since; the trust placed in it rests on the review that happened before signing, and this case shows that review can fail. If you can't trust signed software or drivers, what can you trust?
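The practical consequence of the distinction above, that a valid signature proves origin and integrity but not good behaviour, is that a driver inventory has to look past the signature status. The PowerShell below is an added example, not code from the article, from BleepingComputer or from Microsoft. It lists the kernel drivers registered on a Windows machine, verifies each file's Authenticode signature, separates drivers signed with Microsoft's own Windows certificate from third-party drivers that Microsoft signed through the WHCP programme (assumed here to carry the signer subject "CN=Microsoft Windows Hardware Compatibility Publisher"), and checks each file's SHA-256 against a blocklist. The blocklist entry is a constructed placeholder, not a real hash of the driver discussed above; replace it with values from your own threat intelligence.

```powershell
# Added example (not the article's, not Microsoft's code): audit registered kernel drivers.
# A Status of Valid only means the file is unmodified since signing. The Origin column
# shows whether the signer was Microsoft's own Windows certificate or the WHCP publisher
# that vouches for third-party code, and the hash check catches files you already know are bad.

# Constructed placeholder blocklist: replace with SHA-256 values from your own intel feed.
$BlockedSha256 = @(
    '0000000000000000000000000000000000000000000000000000000000000000'
)

# Assumed signer subject carried by WHCP/attestation-signed third-party drivers.
$WhcpSubject = 'CN=Microsoft Windows Hardware Compatibility Publisher'

function Resolve-DriverPath {
    # Win32_SystemDriver.PathName comes in several shapes; normalise to a real file path.
    param([string]$PathName)
    if (-not $PathName) { return $null }
    $p = $PathName -replace '^\\\?\?\\', ''                              # strip NT "\??\" prefix
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot                    # expand \SystemRoot
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }   # relative "system32\..." form
    return $p
}

function Get-DriverSignatureReport {
    Get-CimInstance Win32_SystemDriver | ForEach-Object {
        $path = Resolve-DriverPath $_.PathName
        if (-not $path -or -not (Test-Path $path)) { return }

        $sig     = Get-AuthenticodeSignature -FilePath $path
        $hash    = (Get-FileHash -Path $path -Algorithm SHA256).Hash
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        # Check the WHCP subject first: it also contains "CN=Microsoft Windows".
        $origin = if ($subject -like "*$WhcpSubject*")      { 'WHCP-signed third party' }
                  elseif ($subject -like '*CN=Microsoft Windows*') { 'Microsoft' }
                  elseif ($subject)                         { 'Other publisher' }
                  else                                      { 'Unsigned' }

        [pscustomobject]@{
            Name    = $_.Name
            State   = $_.State
            Path    = $path
            Status  = $sig.Status            # Valid, NotSigned, HashMismatch, UnknownError, ...
            Origin  = $origin
            Signer  = $subject
            Sha256  = $hash
            Blocked = $BlockedSha256 -contains $hash
        }
    }
}

$report = Get-DriverSignatureReport

# Items worth a second look: bad or missing signature, a blocklisted hash, or a running
# third-party driver whose only endorsement is the WHCP signature.
$report | Where-Object {
    $_.Status -ne 'Valid' -or $_.Blocked -or
    ($_.Origin -eq 'WHCP-signed third party' -and $_.State -eq 'Running')
} | Sort-Object Origin, Name | Format-Table Name, State, Status, Origin, Blocked, Path -AutoSize
```

Run it from an elevated PowerShell session so every driver file is readable. The point of the Origin column is that a WHCP signature is Microsoft vouching for someone else's code after a review, which is exactly the step that failed in the Netfilter case; those drivers deserve the same hash-based and behavioural scrutiny as anything unsigned, which is why Microsoft's own response was a Defender detection rather than a certificate revocation.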