Hackers Exploit Policy Loophole in Windows Kernel Drivers

12-Jul-23

In a blog post published on July 11, researchers from Cisco Talos described how they had discovered the malicious activity, which takes advantage of a loophole in Microsoft’s Windows driver-signing policy that permits the signing and loading of cross-signed kernel mode drivers with signature timestamps earlier than July 29, 2015.

Researchers have discovered that hackers are loading malicious and unverified drivers with expired certificates utilising a Windows policy vulnerability for kernel mode drivers. The activity, which predominantly targets Windows users who speak Chinese, may grant threat actors full access to victims’ PCs.

Read More…