Unfortunately for Microsoft, it seems that the company may have accidentally signed off on a driver loaded with rootkit malware. This is according to a report from BleepingComputer, which revealed that Microsoft signed Netfilter, a third-party Windows driver that contained malware and was being circulated in the gaming community.
Microsoft has acknowledged the issue and said that any impact was limited: “We have seen no evidence that the WHCP signing certificate was exposed. The infrastructure was not compromised. In alignment with our Zero Trust and layered defenses security posture, we have built-in detection and blocking of this driver and associated files through Microsoft Defender for Endpoint. We are also sharing these detections with other AV security vendors so they can proactively deploy detections.”
However, as some have pointed out, even though the impact might be limited and nothing nefarious has happened (yet), the fact that this somehow made it past security is worrying. After all, if you can’t trust signed software or drivers, what can you trust, right?
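For defenders who want to answer that question on their own machines, the following added example (not code from the article, BleepingComputer or Microsoft) inventories the kernel drivers currently running, checks the Authenticode signature on each binary, records who signed it and emits the file's SHA-256 so it can be compared against the detections Microsoft and AV vendors publish. It assumes an elevated PowerShell 5.1 or later session on Windows; the signer-name filter at the end is an assumption about typical subject names and is only a way to shrink the list for review, since the Netfilter case shows that a driver signed through WHCP can still be malicious.

```powershell
# Added example (not from the article): list running kernel drivers, who signed
# each one, and the file hash, so a defender can review drivers that were not
# signed through Microsoft and compare hashes with published detections.
# Assumes an elevated PowerShell 5.1+ session on Windows.

$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName }

$report = foreach ($d in $drivers) {
    # Some entries carry an NT-style prefix; normalise it to a Win32 path
    $path = $d.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $sig = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        Name   = $d.Name
        Path   = $path
        Status = $sig.Status                     # Valid, NotSigned, HashMismatch, ...
        Signer = $sig.SignerCertificate.Subject  # $null when the file is unsigned
        SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}

# A valid signature only says who vouched for the file, not that it is benign.
# The subject-name match below is an assumption used to narrow the review list:
# anything unsigned, tampered, or signed outside Microsoft's own publishers.
$suspects = $report | Where-Object {
    $_.Status -ne 'Valid' -or $_.Signer -notmatch 'Microsoft Windows'
} | Sort-Object Name

$suspects | Format-Table Name, Status, Signer, SHA256 -AutoSize

# Keep the full inventory; the hashes are what you compare with vendor IoCs.
$report | Export-Csv -LiteralPath "$env:TEMP\driver-signatures.csv" -NoTypeInformation
```

Run it before and after an incident like this one and diff the two CSV files: a new driver name, a changed hash for an existing driver, or a signature status other than Valid is what you investigate, while Microsoft-signed entries should still be checked against the published hashes rather than trusted on the strength of the signature alone.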