Hackers Exploit Open Source Tools to Bypass Microsoft Driver Restrictions
Hackers are exploiting open source software to sneak Windows malware past Microsoft's driver restrictions and into the most critical layer of the operating system: the Windows kernel.
Two tools hosted on GitHub are being misused to spread malware on Windows devices. With them, attackers can break into the Windows kernel, gaining access to the most critical and sensitive functions of the operating system.
Researchers from Cisco's Talos security team discovered the activity. According to their report, Chinese hacking groups are exploiting open source tools that were previously used only for cheating in video games; now attackers are repurposing them.
They found a way through an exception that Microsoft itself built into its driver restrictions. The exception allows drivers signed with a certificate issued before July 29, 2015 to be loaded on Windows systems.
“As a result, multiple open source tools have been developed to exploit this loophole. This is a well-known technique that is often overlooked, despite posing a serious threat to Windows systems and being relatively easy to implement, in part because the tooling is publicly available,” the researchers write.
How Hackers Exploit Open Source Tools
Hackers first build the malicious driver they want loaded into the Windows kernel and sign it with a stolen or expired certificate issued before July 29, 2015. They then use the GitHub tools to abuse Microsoft's CertTimeValidity check, the function that determines whether a certificate qualifies for Microsoft's exception rule.
Talos identified several of these certificates by name. The researchers also reported the problem to Microsoft, which has since blocked the known certificates in its latest update.
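For defenders, the practical question is which drivers on a host are running under the pre-July 29, 2015 exception in the first place. The following PowerShell audit is an added example, not code from the article or the Talos report: it lists running kernel drivers whose signer certificate was issued before that cutoff, has expired, or whose signature does not verify, so they can be reviewed against vendor expectations. The cutoff date is the one stated above; everything else (class names, cmdlets) is standard Windows tooling.

```powershell
# Added example: audit running kernel drivers for signing certificates that
# fall under the legacy (pre-2015-07-29) exception, are expired, or do not verify.
$cutoff = Get-Date '2015-07-29'   # exception date as stated in the article

Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName } |
    ForEach-Object {
        # PathName may be \??\C:\..., \SystemRoot\..., or relative to the Windows dir.
        $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
        if (-not [System.IO.Path]::IsPathRooted($path)) { $path = Join-Path $env:SystemRoot $path }
        if (-not (Test-Path -LiteralPath $path)) { return }

        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        $cert = $sig.SignerCertificate
        if (-not $cert) {
            # A kernel image with no signer certificate deserves a look on its own.
            [pscustomobject]@{ Driver = $_.Name; Path = $path; Signer = ''; NotBefore = $null
                               Thumbprint = ''; Finding = "No signer certificate ($($sig.Status))" }
            return
        }

        $findings = @()
        if ($cert.NotBefore -lt $cutoff)   { $findings += 'Signer cert issued before 2015-07-29 (legacy exception)' }
        if ($cert.NotAfter -lt (Get-Date)) { $findings += 'Signer cert expired' }
        if ($sig.Status -ne 'Valid')       { $findings += "Signature status: $($sig.Status)" }

        if ($findings) {
            [pscustomobject]@{
                Driver     = $_.Name
                Path       = $path
                Signer     = $cert.Subject
                NotBefore  = $cert.NotBefore
                Thumbprint = $cert.Thumbprint   # compare against your blocklist of revoked certs
                Finding    = ($findings -join '; ')
            }
        }
    } | Format-Table -AutoSize
```

The output is a review queue, not a verdict: many legitimate older drivers are signed with pre-2015 certificates, and an expired signer is normal for a correctly timestamped signature, so compare the thumbprints against Microsoft's blocked list and the vendor's published signer rather than acting on the date alone.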
Windows Operating System a Popular Target for Hackers
Windows is a widely used operating system and therefore attracts the attention of hackers: a single successful piece of malware can immediately reach a large share of users. Recently, other security researchers discovered new ransomware masquerading as a Windows update.
The open source tools being abused in this way are a serious threat to Windows systems, and the technique is relatively easy to carry out, in part because the tooling is publicly available. Microsoft has blocked the known certificates in its latest update, but attackers may find new ways to exploit the loophole.
Organizations and individuals should be aware of the risks these tools pose and take steps to protect their Windows systems. This includes keeping Windows up to date and installing the latest security patches, staying informed about current threats, and being careful when downloading software from the internet.