Microsoft signed a driver loaded with rootkit malware

Microsoft may have broken the trust that code signing is supposed to foster. BleepingComputer reports that Microsoft confirmed it signed Netfilter, an unofficial third-party driver for Windows that contains rootkit malware. As security researcher Karsten Hahn discovered days earlier, the driver passed through the Windows Hardware Compatibility Program, yet it connected to malware command-and-control servers in China.

Although it is not clear how the rootkit got through Microsoft's certificate signing process, the company stated that it was investigating the matter and would be "refining" the signing process, partner access policies, and validation. Microsoft doesn't believe that the malware writers stole certificates.

Ningbo Zhuo Zhi Innovation Network Technology was the driver maker and worked with Microsoft to identify and fix any security holes. Windows Update will provide clean drivers to users.

Microsoft claimed that the rogue driver had limited impact. The driver was targeted at gamers, and it isn't known if it has compromised enterprise users. The rootkit is only usable after exploitation: according to Microsoft, you must have administrator-level access to a computer to install it. If you don't go the extra mile to load Netfilter, it shouldn't be a problem.

Even so, that isn't entirely comforting. A signed driver is often viewed as proof that the driver or program is safe. Users may be reluctant to update drivers promptly if they are concerned about malware.