Hackers exploit Windows policy loophole for malicious kernel access

TL;DR Summary
Chinese hackers have been exploiting a Windows policy loophole to sign and load malicious kernel-mode drivers on breached systems. By back-dating the signing timestamp of drivers to before July 29th, 2015, using tools like 'HookSignTool' and 'FuckCertVerify', threat actors can use older, leaked, non-revoked certificates to escalate privileges and evade detection. Microsoft has revoked the associated certificates and suspended the developer accounts involved, but the risk remains because further certificates may still be exposed or stolen.

Topics: technology, chinese-hackers, code-signing-certificates, cybersecurity, kernel-mode-drivers, microsoft, windows
- Hackers exploit Windows policy to load malicious kernel drivers BleepingComputer
- Hackers exploit gaping Windows loophole to give their malware kernel access Ars Technica
- Hackers target Chinese-speaking Microsoft users with 'RedDriver' browser hijacker The Record from Recorded Future News
- Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures The Hacker News
- Cisco Talos Reports Windows Policy Loophole Exploited by Threat Actor TechRepublic
Read the original article on BleepingComputer.