Security News > 2023 > July > Microsoft patches four zero-days, finally takes action against crimeware kernel drivers
We've given you important, interesting and informative detail about the ongoing saga of malicious kernel drivers, many of them signed and approved by Microsoft itself, that have finally been blocked by Windows.
The second important item is the matter of ADV230001, Microsoft's advisory entitled Guidance on Microsoft signed drivers being used maliciously.
The not-so-great thing about kernel drivers is that they offer the very same super-low-level, mega-dangerous and potentially subversive capabilities to malware creators and cybercriminals, too.
As a result of the proliferation and abuse of rootkits on Windows XP, Microsoft started clamping down on kernel drivers, starting back in Windows Vista.
In current versions of Windows where Secure Boot is enabled, you can only load kernel drivers that have been officially reviewed and digitally signed by Microsoft itself.
Last December's rogue driver discoveries by SophosLabs ultimately turned up a significant list of kernel-level malware, including 100 drivers signed "Personally" by Microsoft itself.
News URL
Related news
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Microsoft launches Zero Day Quest hacking event with $4 million in rewards (source)
- Microsoft plans to boot security vendors out of the Windows kernel (source)
- Microsoft announces Zero Day Quest hacking event with big rewards (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft fixes exploited zero-day (CVE-2024-49138) (source)