Security News > 2023 > April > How fiends abuse an out-of-date Microsoft Windows driver to infect victims
Ransomware spreaders have built a handy tool that abuses an out-of-date Microsoft Windows driver to disable security defenses before dropping malware into the targeted systems.
To be clear, AuKill takes the BYOVD approach: it brings onto the PC a vulnerable Microsoft driver to exploit.
As part of the research, Microsoft suspended various third-party developers of malicious Windows drivers and revoked certificates that were used to sign the drivers.
For security reasons, Windows include a feature called Driver Signature Enforcement, which ensures that kernel-mode drivers have been signed by a valid code-signing authority before Windows lets them run.
AuKill is designed to both abuse a legitimate but outdated driver while also getting Microsoft to digitally sign it.
It drops the older driver into the system's Windows OS, where it can sit with the newer Process Explorer driver already in the system.
News URL
Related news
- Microsoft: Windows 'inetpub' folder created by security fix, don’t delete (source)
- Microsoft starts final Windows Recall testing before rollout (source)
- Week in review: Microsoft patches exploited Windows CLFS 0-day, WinRAR MotW bypass flaw fixed (source)
- Microsoft: Windows Server 2025 restarts break connectivity on some DCs (source)
- Microsoft: New Windows updates fix Active Directory policy issues (source)
- Microsoft tells Windows users to ignore 0x80070643 WinRE errors (source)
- Microsoft: Some devices offered Windows 11 upgrades despite Intune blocks (source)
- Microsoft fixes Windows Server 2025 blue screen, install issues (source)
- Microsoft fixes Remote Desktop freezes caused by Windows updates (source)
- Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 (source)