Microsoft accidentally signed a piece of malware that is reported to have been used against China's gaming industry.
Since Windows Vista, publishers shipping drivers and other low-level code for Windows have had to get it signed; by default, the operating system will not install an unsigned driver without raising security warnings. The original goal was to keep malware out, which is why malware that does carry a valid signature has usually obtained it through unexpected routes, stolen code-signing certificates for example.
This time, however, the company admitted that it had signed a program that turned out to be Chinese spyware. The malicious code sat in a driver called "NetFilter" and proved to be a rootkit, which lets attackers quietly gain access to a machine and read, steal, and misuse the user's data.
Microsoft’s security gaps
Normally, Microsoft analyzes the code submitted by publishers before signing it. This time the usual validation process appears to have been skipped or neglected, since the company acknowledges signing the program in question. The error allowed the rootkit to be installed on multiple Windows machines without the company, the users, or their security products noticing: the driver carried a legitimate Microsoft signature, so the checks that would normally flag it passed.
This lapse exposes loopholes in Microsoft's process, as the Chinese operators got their code signed with disconcerting ease by going through the normal submission channel. "The software seems to illegally spy on SSL connections," reverse engineer Johann Aydinbas noted on Twitter.
According to the Redmond company, the malicious activity was limited to machines in the video game industry, mainly in China. "We have suspended the account and are reviewing their past claims for additional signs of malware," Microsoft said.
This kind of failure raises questions about the security of the firm's verification process, all the more so because a signature is widely treated as proof that a program is safe, when in fact it only attests to who signed the code and that it has not been altered since. The incident comes only a few months after Chinese hackers compromised some 30,000 American organizations through a flaw in Microsoft Exchange.
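The practical lesson of the Netfilter case is that "signed" and "safe" are different questions, so a driver inventory has to look at both signature status and the signer. The PowerShell below is an added example and is not code from the article or from Microsoft: it lists every .sys file in the system drivers directory with its Authenticode status, signer subject and SHA-256 hash, then shows which drivers are actually loaded. The column names (Driver, Status, Signer, Thumbprint, SHA256) are my own choices; the cmdlets and the driverquery tool are standard Windows components.

```powershell
# Added example (not from the article): inventory on-disk kernel drivers and
# report each one's Authenticode signature status and signer.
# Run in an elevated PowerShell session on the machine being checked.

$driverDir = Join-Path $env:SystemRoot 'System32\drivers'

$report = Get-ChildItem -Path $driverDir -Filter '*.sys' -File |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [PSCustomObject]@{
            Driver     = $_.Name
            Status     = $sig.Status          # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Thumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }
            SHA256     = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }

# 1. Drivers that are not validly signed are the obvious first thing to look at.
$report | Where-Object Status -ne 'Valid' |
    Format-Table Driver, Status, Signer -AutoSize

# 2. A valid signature is not a clean bill of health (the point of the Netfilter case).
#    Group the validly signed drivers by signer so unexpected publishers stand out,
#    and keep the SHA256 so a suspicious file can be checked against threat-intel feeds.
$report | Where-Object Status -eq 'Valid' |
    Group-Object Signer | Sort-Object Count |
    Format-Table Count, Name -AutoSize

# 3. What is on disk is not the same as what is running in the kernel:
#    driverquery /v reports the loaded drivers together with their state and image path.
driverquery /v /fo csv | ConvertFrom-Csv |
    Select-Object 'Module Name', 'Display Name', State, Path |
    Format-Table -AutoSize
```

Review the output of step 2 as carefully as step 1: a driver signed under a Microsoft publisher certificate will show Status = Valid, which is exactly why the Netfilter rootkit went unnoticed, so an unfamiliar driver name under a familiar signer still deserves a hash lookup and a look at its strings and imports.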