133 Windows drivers with valid Microsoft signatures found crawling with malware

People who keep their computers up to date and regularly install the updates offered for Windows hope to have a secure PC. But it has now become known that 133 drivers officially signed by Microsoft contain malware. It’s a particularly dangerous problem because these drivers are loaded and installed by the operating system without prompting.

Malware with a certificate of authenticity?

Microsoft has apparently been familiar with the problem for a while and reacted as part of the most recent monthly Windows update. The 133 affected drivers were blocked and the accounts of the respective developers were locked. But how could it ever come to this, that officially released drivers contain malware?

Stolen certificates

According to Microsoft, all drivers had a valid signature. This allowed them to secure administrator rights. This would have made it possible to monitor compromised systems at any time. The drivers would have come from different Microsoft partners, and the discovered accounts have now been suspended. The developer certificates used to sign the malware-infused drivers were apparently stolen by the software manufacturers and sold over the internet.

Offline scan recommended

Since Windows has been able to detect malicious drivers on its own since March 2023, Microsoft recommends regularly updating Windows Defender and also applying Windows updates. To detect potentially malicious drivers that may have been installed before March 2, 2023, an offline scan of the system is also recommended. The bad drivers are now automatically collected in a revocation list integrated in Windows, including numerous drivers with certificates from China.

Editor’s note: This article originally appeared on PCWorld’s sister site PCWelt, and was translated from German to English.