Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures and Target Chinese-speaking Microsoft Users

Threat actors, primarily native Chinese speakers, are exploiting a Microsoft Windows policy loophole to forge signatures on kernel-mode drivers. By altering the signing date of a driver, they can get malicious, unverified drivers signed with expired certificates loaded onto systems, which gives them full access to the compromised machine. Microsoft has blocked all certificates involved and suspended the developer program accounts tied to the incident. The weakness in Windows certificate policy lets threat actors deploy thousands of malicious signed drivers without submitting them for verification. Open-source tools such as HookSignTool and FuckCertVerifyTimeValidity are used to forge the signatures.
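The backdating trick works because the signing time inside an Authenticode signature is asserted by the signer itself; only a countersignature from a trusted timestamp authority binds it to an independent clock. The triage rules below are an added example from this editor, not code from the article, Talos or Microsoft. It assumes the signature fields have already been extracted by a PE/PKCS#7 parser and only applies checks to them; the 2015-07-29 cutoff is Microsoft's documented kernel-mode signing exemption date, which the summary above does not state, and every sample record is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Cutoff from Microsoft's kernel-mode code-signing policy (not stated on this
# page): drivers signed before 2015-07-29 with a certificate issued before that
# date are loadable without Hardware Dev Center attestation, so a forged
# pre-cutoff signing time is what the backdating trick targets.
POLICY_CUTOFF = datetime(2015, 7, 29, tzinfo=timezone.utc)


@dataclass
class DriverSignature:
    """Fields a triage script would pull from a driver's Authenticode signature.
    Assumed to be extracted already (e.g. by a PE/PKCS#7 parser); this block
    only applies the rules."""
    path: str
    signing_time: datetime            # signingTime attribute, asserted by the signer itself
    cert_not_before: datetime         # signer certificate validity start
    cert_not_after: datetime          # signer certificate validity end
    pe_timestamp: datetime            # PE header TimeDateStamp (compile time)
    has_tsa_countersignature: bool    # RFC 3161 countersignature from a trusted TSA


def triage(sig: DriverSignature, now: datetime) -> list:
    """Return a list of findings; an empty list means nothing looked off."""
    findings = []
    # A signing time outside the certificate's own validity window cannot be genuine.
    if not (sig.cert_not_before <= sig.signing_time <= sig.cert_not_after):
        findings.append("signing time outside certificate validity window")
    # A binary cannot be signed before it was compiled.
    if sig.pe_timestamp > sig.signing_time:
        findings.append("compile timestamp is later than claimed signing time (backdated signature)")
    # Without a TSA countersignature the signing time is the signer's own claim,
    # so a pre-cutoff date that unlocks the policy exemption is unverifiable.
    if sig.signing_time < POLICY_CUTOFF and not sig.has_tsa_countersignature:
        findings.append("pre-cutoff signing time without trusted timestamp")
    # An expired certificate is only acceptable when a TSA proves the signature predates expiry.
    if sig.cert_not_after < now and not sig.has_tsa_countersignature:
        findings.append("expired certificate with no trusted timestamp")
    return findings


def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample records (not real drivers or certificates).
SAMPLES = [
    DriverSignature("constructed/legit_old.sys", utc(2014, 3, 1), utc(2013, 1, 1), utc(2016, 1, 1), utc(2014, 2, 28), True),
    DriverSignature("constructed/backdated.sys", utc(2014, 6, 1), utc(2012, 1, 1), utc(2015, 1, 1), utc(2023, 5, 10), False),
    DriverSignature("constructed/impossible.sys", utc(2014, 1, 1), utc(2016, 1, 1), utc(2019, 1, 1), utc(2013, 12, 1), False),
]

REFERENCE_NOW = utc(2023, 7, 12)  # constructed evaluation date


def triage_samples() -> dict:
    """Map each sample path to its findings."""
    return {s.path: triage(s, REFERENCE_NOW) for s in SAMPLES}


if __name__ == "__main__":
    for path, findings in triage_samples().items():
        print(path, "->", findings or "clean")
```

The compile-timestamp rule is a heuristic, since a PE TimeDateStamp can also be edited, but a driver whose claimed signing date predates its own build date is the simplest tell of the technique described above; the countersignature rules are the stronger signal, because a forged signing time cannot be backed by a timestamp authority's signature.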
- Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures (The Hacker News)
- Hackers exploit Windows policy to load malicious kernel drivers (BleepingComputer)
- Hackers target Chinese-speaking Microsoft users with 'RedDriver' browser hijacker (The Record from Recorded Future News)
- Hackers exploit gaping Windows loophole to give their malware kernel access (Ars Technica)
- Cisco Talos Reports Windows Policy Loophole Exploited by Threat Actor (TechRepublic)