Millions of Windows may have been infected by hackers who spread viruses using auto-install drivers.
14.07.2023 – To keep Windows secure, it is essential to keep your computer up to date, that is, to install all necessary updates, especially those specifically designed to fix security holes. Well, it seems that we can no longer trust automatic updates approved by Microsoft, because as it turned out in the past few days, 133 programs contained some kind of malware.
although According to Redmonds The drivers infected with the virus were primarily targeting Chinese users, and knowing the way, it is very likely that millions of people around the world were compromised. The biggest problem with this is that the affected drivers have a valid signature, i.e. authentication, with which they can get administrator-level access to Windows, and thus can monitor it completely.
the Cisco Talos According to its security team, the virus drivers were created by exploiting a Windows Control vulnerability that allowed drivers signed before July 29, 2015 to be loaded into open source tools such as HookSignTool and FuckCertVerifyTimeValidity. They can then make fake drivers so that – From various Microsoft Partners: Stolen/Purchased – Token signing certificates can be used for authentication, which Microsoft did not investigate closely later, and even installed many of them automatically.
The good news is that Microsoft has disabled malicious drivers along with developer profiles. At the same time, everyone is advised to install the latest Windows update and then run a Microsoft Defender scan (formerly Windows Defender), which will detect and remove malware. In addition, the latest Patch Tuesday updates include a revocation list, which in principle prevents Windows from loading these drivers.
Can you distinguish real photos from photos generated by artificial intelligence?
