Microsoft accidentally signed off a gaming driver that contained rootkit malware
By Stuart Thomas on June 28th, 2021 at 11:43am - original article from game-debate

Not quite the news you want to hear from the people who literally created and manage your entire PC Operating System, but Microsoft has revealed that they accidentally signed off a gaming driver that contained rootkit malware, and the situation is currently being investigated.

Microsoft usually tests a driver before releasing it: once it passes, they give the driver a digital certificate, which allows it to be installed on your system automatically. But a piece of malware known as Netfilter (which sounds like some sort of anti-cheat software) somehow made it through the tests without being detected.

The driver was originally found by Karsten Hahn, a Malware Analyst at the German tech security firm G Data, who quickly brought the information to Microsoft, who then “promptly added malware signatures to Windows Defender and are now conducting an internal investigation.”

The account that originally submitted the driver has apparently now been suspended, and Microsoft is also investigating the account’s previous submissions. Right now it is not known how the driver got through Microsoft’s testing without being detected as malware, but hopefully the investigation will soon explain it.

The driver in question, Netfilter, is described as “limited to the gaming sector specifically in China” by Microsoft’s Security Response Center Team (MSRC), and its purpose is to “use the driver to spoof their geo-location to cheat the system and play from anywhere. The malware enables them to gain an advantage in games and possibly exploit other players by compromising their accounts through common tools like keyloggers.”

The good news is that it seems like users don’t have to do anything now, as “there are no actions customers should take other than follow security best practices and deploy Antivirus software such as Windows Defender for Endpoint,” said the MSRC Team.

What do you think? How could something like this happen? What is Netfilter exactly, and how could it be used maliciously on other users’ computers? Let us know!