Whoa. Sophos researchers just announced that they’ve uncovered 133 malicious drivers signed with legitimate digital certificates, and found 100 of those 133 drivers were signed by Microsoft.

https://news.sophos.com/en-us/2023/07/11/microsoft-revokes-malicious-drivers-in-patch-tuesday-culling/

From the post:

"Today, Microsoft issued Security Advisory ADV230001 as part of their July Windows Update that addresses Sophos’ discovery of more than 100 malicious drivers that had been digitally signed by Microsoft and others, dating as far back as April 2021."

"They also released Knowledge Base article 5029033, which includes new, more detailed information on the technical measures Microsoft has taken to protect against these malicious signed drivers."

https://msrc.microsoft.com/update-guide/vulnerability/ADV230001

https://support.microsoft.com/help/5029033

Today's post about patches from Microsoft and Apple to quash zero-day bugs:

https://krebsonsecurity.com/2023/07/apple-microsoft-patch-tuesday-july-2023-edition/

I wrote recently about one of the bigger names in signing malware as a service:

https://krebsonsecurity.com/2023/06/ask-fitis-the-bear-real-crooks-sign-their-malware/

Signing is a good security measure to reduce the probability and impact of certain threats, but it's not the definitive security control in the supply chain. If an attacker compromises the supply chain, it is probable that it will have access to the mechanism to sign artifacts with a valid certificate. I don't say it's what has happened in this case, but it's a fact related to the use of signing.
@florenciocano I appreciate your sane response and not just "let's hate on #microsoft."
@mikekanakos Sure! I think Microsoft is a fantastic company that is doing many great things!