Microsoft admits that many WHQL drivers for Windows 10 and Windows 11 systems are actually malware

PHPz
2023-07-14 18:33:11

According to news on July 13, Microsoft released a separate dynamic SafeOS update on this month's Patch Tuesday to further improve Secure Boot security by deploying security mitigations.

In addition to improving Secure Boot's DBX, Microsoft has also expanded the Windows Driver.STL revocation list, adding multiple malicious drivers to it. These malicious drivers were reported by security companies such as Cisco Talos, Sophos and Trend Micro.

Microsoft stated in the ADV230001 announcement that maliciously signed WHQL drivers caused many problems. The vulnerability tracking number is CVE-2023-32046. The main content, as translated by IT House, is as follows:

Microsoft recently learned that drivers certified by the Microsoft Windows Hardware Developer Program (MWHDP) are being maliciously used for post-exploitation activities.

In these attacks, the attacker gained administrative rights to the compromised system before using the driver.

After Microsoft’s investigation, multiple abused Developer Program accounts were confirmed. No Microsoft account leaks were found during the investigation.

We have suspended our partners' seller accounts and implemented blocking detection on all reported malicious drivers to help protect buyers from this threat.

Statement:
This article is reproduced from windows7en.com. If there is any infringement, please contact admin@php.cn to have it deleted.