Microsoft Digital Certificates Once Again Abused To Sign Malware

Microsoft has once again been caught allowing its legitimate digital certificates to sign malware in the wild, a lapse that allows the malicious files to pass strict security checks designed to prevent them from running on the Windows operating system. ArsTechnica: Multiple threat actors were involved in the misuse of Microsoft's digital imprimatur, which they used to give Windows and endpoint security applications the impression malicious system drivers had been certified as safe by Microsoft. That has led to speculation that there may be one or more malicious organizations selling malicious driver-signing as a service. In all, researchers have identified at least nine separate developer entities that abused the certificates in recent months.

The abuse was independently discovered by four third-party security companies, which then privately reported it to Microsoft. On Tuesday, during Microsoft's monthly Patch Tuesday, the company confirmed the findings and said it has determined the abuse came from several developer accounts and that no network breach has been detected. The software maker has now suspended the developer accounts and implemented blocking detections to prevent Windows from trusting the certificates used to sign the compromised certificates. 'Microsoft recommends that all customers install the latest Windows updates and ensure their anti-virus and endpoint detection products are up to date with the latest signatures and are enabled to prevent these attacks,' company officials wrote.

Read more of this story at Slashdot.