Kernel Mode Drivers

All articles tagged with #kernel mode drivers

cybersecurity, 2 years ago

Hackers exploit Windows policy loophole for malicious kernel access

Chinese hackers have been exploiting a Windows policy loophole to sign and load malicious kernel mode drivers on breached systems. By backdating the signing date of drivers to before July 29th, 2015, using tools like 'HookSignTool' and 'FuckCertVerify,' threat actors can use older, leaked, non-revoked certificates to escalate privileges and evade detection. Microsoft has revoked the associated certificates and suspended the developer accounts involved, but the risk remains, as further certificates may still be exposed or stolen.

cybersecurity, 2 years ago

Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures and Target Chinese-speaking Microsoft Users

Threat actors, primarily native Chinese speakers, are exploiting a Microsoft Windows policy loophole to forge signatures on kernel-mode drivers. By altering the signing date of a driver, malicious and unverified drivers signed with expired certificates can be loaded onto systems, giving the attacker complete access to the compromised machine. Microsoft has taken steps to block all certificates and suspend the developer program accounts involved in the incident. The weakness in Windows certificate policies allows threat actors to deploy thousands of malicious, signed drivers without submitting them for verification. Open-source tools such as HookSignTool and FuckCertVerifyTimeValidity are used to forge the signatures.