Hackers exploit Windows driver signature enforcement loophole for malware persistence

Attackers have used the loophole to forge signatures on maliciously modified drivers, enabling them to deploy persistent malware and defeat game defenses.

A loophole in a core Windows security mechanism that requires all kernel drivers to be digitally signed by Microsoft allows attackers to forge signatures on maliciously modified drivers. This technique has been automated and used to defeat anti-cheating and digital rights management (DRM) features in games and more recently to deploy highly persistent malware.
