How fiends abuse an out-of-date Microsoft Windows driver to infect victims (Security News, April 2023)
Ransomware spreaders have built a handy tool that abuses an out-of-date Microsoft Windows driver to disable security defenses before dropping malware into the targeted systems.
To be clear, AuKill takes the BYOVD (bring your own vulnerable driver) approach: it brings onto the PC a vulnerable Microsoft driver to exploit.
As part of the research, Microsoft suspended various third-party developers of malicious Windows drivers and revoked certificates that were used to sign the drivers.
For security reasons, Windows includes a feature called Driver Signature Enforcement, which ensures that kernel-mode drivers have been signed by a valid code-signing authority before Windows lets them run.
AuKill is designed to abuse a legitimate but outdated driver that Microsoft has digitally signed, so Driver Signature Enforcement does not stop it from loading.
It drops the older driver into the system's Windows OS, where it can sit alongside the newer Process Explorer driver already present on the system.
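The defensive angle of the two paragraphs above is that a validly signed driver can still be the wrong driver: an older build dropped next to the current one passes signature checks but should fail a version baseline. The script below is an added example, not code from the article or from any vendor; it runs a baseline check over a constructed driver inventory and flags validly signed drivers that are below the known-current version, files whose signature does not verify, and driver names that appear at more than one version. The driver names, paths, versions and signer strings are placeholders, not real identifiers.

```python
"""
Added example (not from the original article): a version-baseline check over a
driver inventory, showing how a defender could notice a BYOVD-style drop of an
older, validly signed driver beside the current one. All driver names, paths,
versions and signer names below are constructed placeholders.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


@dataclass(frozen=True)
class DriverRecord:
    path: str              # where the .sys file was found (constructed)
    name: str              # driver file name (constructed)
    version: Version       # file version as a tuple, e.g. (17, 2, 0, 0)
    signer: str            # subject of the code-signing certificate (constructed)
    signature_valid: bool  # result of an Authenticode verification


# Minimum acceptable version per driver name. In practice these come from the
# vendor's current release; the values here are placeholders.
BASELINE: Dict[str, Version] = {
    "example-procmon.sys": (17, 0, 0, 0),
}


def parse_version(text: str) -> Version:
    """Turn a dotted file version such as '16.0.0.0' into a comparable tuple."""
    return tuple(int(part) for part in text.strip().split("."))


def fmt_version(version: Version) -> str:
    return ".".join(str(part) for part in version)


def find_suspicious(records: List[DriverRecord],
                    baseline: Dict[str, Version] = BASELINE) -> List[Tuple[str, str]]:
    """Return (subject, reason) findings for drivers that deserve a closer look."""
    findings: List[Tuple[str, str]] = []
    versions_by_name: Dict[str, set] = {}

    for rec in records:
        versions_by_name.setdefault(rec.name, set()).add(rec.version)

        if not rec.signature_valid:
            findings.append((rec.path, "signature missing or invalid"))
            continue

        floor = baseline.get(rec.name)
        if floor is not None and rec.version < floor:
            # Signed by a trusted signer, yet older than the current release:
            # exactly the shape of a "bring your own vulnerable driver" drop.
            findings.append((rec.path,
                             f"validly signed but below baseline {fmt_version(floor)}: "
                             "possible BYOVD drop"))

    # A driver name present at two different versions is worth flagging even
    # when no baseline exists for it: the older copy rarely belongs there.
    for name, versions in versions_by_name.items():
        if len(versions) > 1:
            listed = ", ".join(fmt_version(v) for v in sorted(versions))
            findings.append((name, f"{len(versions)} distinct versions present: {listed}"))

    return findings


# Constructed inventory: the current driver in the system driver directory, an
# older copy of the same signed driver dropped into a world-writable folder,
# and an unrelated driver that is fine.
SAMPLE_INVENTORY = [
    DriverRecord(r"C:\Windows\System32\drivers\example-procmon.sys",
                 "example-procmon.sys", parse_version("17.2.0.0"), "Example Vendor", True),
    DriverRecord(r"C:\Users\Public\example-procmon.sys",
                 "example-procmon.sys", parse_version("16.0.0.0"), "Example Vendor", True),
    DriverRecord(r"C:\Windows\System32\drivers\example-net.sys",
                 "example-net.sys", parse_version("1.0.0.0"), "Example Vendor", True),
]


if __name__ == "__main__":
    for subject, reason in find_suspicious(SAMPLE_INVENTORY):
        print(f"{subject}: {reason}")
```

The point of the check is that signature validity and version currency are separate questions; a real inventory would be fed from the host's driver list and Authenticode results, with the baseline maintained from vendor release data.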