Microsoft Accidentally Signs Malware-Infected Driver

Microsoft Windows 10 on a laptop and phone. Image obtained with thanks from Microsoft.

Microsoft has accidentally signed a driver called Netfilter, which contains malware and is distributed within gaming environments. Cybersecurity researchers who have been tracing the malware and its activity found that it communicates with Chinese command-and-control (C2) IP addresses.

This type of malware is called a rootkit, which means that it is programmed to gain unauthorized access to parts of a computer system while concealing its existence.

Microsoft has announced the issue in a blog post. The company said the driver was submitted through the Windows Hardware Compatibility Program and that it is investigating.

Microsoft pointed out that it has seen no evidence of certificate exposure and that its infrastructure was not compromised. It also touted the ability of the Microsoft Defender for Endpoint UEFI scanner to scan below the operating system for such threats.

Now that this has exposed a weakness in the code signing process, hopefully they can find a way to reduce the risk of this happening again.
