Microsoft digitally signs malicious rootkit driver
![Stock photo of a virus alert on a laptop screen.](https://cdn.arstechnica.net/wp-content/uploads/2021/06/windows-malware-800x400.jpeg)
Microsoft gave its digital imprimatur to a rootkit that decrypted encrypted communications and sent them to attacker-controlled servers, the company and outside researchers said.
The blunder allowed the malware to be installed on Windows machines without users receiving a security warning or needing to take additional steps. For the past 13 years, Microsoft has required third-party drivers and other code that runs in the Windows kernel to be tested and digitally signed by the OS maker to ensure stability and security. Without a Microsoft certificate, these types of programs can’t be installed by default.
Eavesdropping on SSL connections
Earlier this month, Karsten Hahn, a researcher at security firm G Data, found that his company’s malware detection system flagged a driver named Netfilter. He initially thought the detection was a false positive because Microsoft had digitally signed Netfilter under the company’s Windows Hardware Compatibility Program.