Microsoft has removed the accounts of several outside developers after it was found that they had got the company to certify malware, in the form of hardware drivers, as safe.
The incident was disclosed last week but dates from October. Security firms SentinelOne, Mandiant and Sophos discovered that hackers could spread their ransomware using Microsoft-approved drivers.
This kind of attack requires the hacker to already hold administrator rights on a device, but by installing drivers that Windows qualifies as ‘safe’, they can also disable components such as security software and perhaps gain easier access to the targeted network.
Following this disclosure, Microsoft investigated the issue and found that several developer accounts in the Microsoft Partner Center had submitted malicious drivers. These accounts were removed in October, Microsoft said in a security report.
Because of the incident, Microsoft is looking into better detection methods to spot such practices and block them.
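The attack described above works precisely because the driver carries a valid Microsoft signature, so signature validity alone is not a useful signal on the endpoint. What a defender can do is inventory the kernel drivers actually running, record their signer, hash and on-disk location, and reconcile that against an expected set or a block list. The following PowerShell is an added example written for this article, not code from Microsoft or from the security firms named; it assumes an elevated PowerShell 5.1+ session on Windows, and the `KnownBadSha256` parameter is a placeholder for a list the operator maintains.

```powershell
# Added example (not from the article): inventory running kernel drivers and
# report signer, signature status, SHA256 and location, so that a signed but
# unexpected driver can be reconciled against an allow list or block list.
# Assumes an elevated PowerShell 5.1+ session on a Windows host.

function Get-RunningDriverSignatures {
    [CmdletBinding()]
    param(
        # Optional: SHA256 hashes the operator has already decided to block.
        # Placeholder input; the article names no hashes.
        [string[]]$KnownBadSha256 = @()
    )

    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName }

    foreach ($d in $drivers) {
        # PathName may carry a \??\ or \SystemRoot\ prefix; normalise it so
        # the file cmdlets can open the image.
        $path = $d.PathName `
            -replace '^\\\?\?\\', '' `
            -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if (-not (Test-Path -LiteralPath $path)) { continue }

        # Get-AuthenticodeSignature also resolves catalog-signed (WHQL) drivers.
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash

        [pscustomobject]@{
            Name       = $d.Name
            Path       = $path
            Status     = $sig.Status                    # Valid, NotSigned, HashMismatch, ...
            Signer     = $sig.SignerCertificate.Subject
            Sha256     = $hash
            KnownBad   = $KnownBadSha256 -contains $hash
            # Drivers dropped by an intruder often sit outside the usual directory.
            ThirdParty = $path -notlike "$env:SystemRoot\System32\drivers\*"
        }
    }
}

# Usage: surface drivers that are unsigned, on the block list, or loaded from
# an unusual location. A validly signed driver in the normal directory still
# has to be checked against the expected inventory by hash or signer.
Get-RunningDriverSignatures |
    Where-Object { $_.ThirdParty -or $_.KnownBad -or $_.Status -ne 'Valid' } |
    Format-Table Name, Status, Signer, Path -AutoSize
```

The output is meant to be diffed against a baseline taken from a known-good build of the same host: a new entry with a valid Microsoft signature but an unfamiliar signer subject, hash or path is the case this incident describes, and it is the hash and signer, not the signature status, that let you match it against a block list.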