Security News > 2023 > April > How fiends abuse an out-of-date Microsoft Windows driver to infect victims

Ransomware spreaders have built a handy tool that abuses an out-of-date Microsoft Windows driver to disable security defenses before dropping malware into the targeted systems.
To be clear, AuKill takes the BYOVD approach: it brings onto the PC a vulnerable Microsoft driver to exploit.
As part of the research, Microsoft suspended various third-party developers of malicious Windows drivers and revoked certificates that were used to sign the drivers.
For security reasons, Windows include a feature called Driver Signature Enforcement, which ensures that kernel-mode drivers have been signed by a valid code-signing authority before Windows lets them run.
AuKill is designed to both abuse a legitimate but outdated driver while also getting Microsoft to digitally sign it.
It drops the older driver into the system's Windows OS, where it can sit with the newer Process Explorer driver already in the system.
News URL
Related news
- Microsoft lifts Windows 11 update block for some AutoCAD users (source)
- Microsoft replacing Remote Desktop app with Windows App in May (source)
- Microsoft: Recent Windows updates make USB printers print random text (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Microsoft: March Windows updates mistakenly uninstall Copilot (source)
- Microsoft fixes Windows update bug that uninstalled Copilot (source)
- Microsoft lifts Windows 11 upgrade block after Asphalt 8 crash fix (source)
- Microsoft: Recent Windows updates cause Remote Desktop issues (source)
- Microsoft fixes printing issues caused by January Windows updates (source)
- Microsoft: New Windows scheduled task will launch Office apps faster (source)