This is what happens when you let MBAs and marketers run things to the point that competent cybersec folks and coders leave, quiet quit, and/or give up on best practices. Microsoft is a clown company.
This is the best summary I could come up with:
In July, security researchers revealed a sobering discovery: hundreds of pieces of malware used by multiple hacker groups to infect Windows devices had been digitally signed and validated as safe by Microsoft itself.
On Tuesday, a different set of researchers made a similarly solemn announcement: Microsoft’s digital keys had been hijacked to sign yet more malware for use by a previously unknown threat actor in a supply-chain attack that infected roughly 100 carefully selected victims.
The program is used to certify that device drivers—the software that runs deep inside the Windows kernel—come from a known source and that they can be trusted to securely access the deepest and most sensitive recesses of the operating system.
Then, Carderbee used its newfound control to push malicious updates to roughly 2,000 organizations that are Cobra DocGuard customers.
The fact that they appear to only deploy their payload on a handful of the computers they gain access to also points to a certain amount of planning and reconnaissance on behalf of the attackers behind this activity.
While attackers could already install apps, steal passwords, and take other liberties, running code in the kernel allowed them to do things that would otherwise be impossible.
The original article contains 493 words, the summary contains 199 words. Saved 60%. I’m a bot and I’m open source!
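As an added example (not from the article, the bot's summary, or any of the commenters): the summary mentions that Microsoft's driver signing program attests that a kernel driver comes from a known source. On a Windows box you can see which of your own installed drivers carry that attestation and whether their signatures still verify. The script below is my own; it uses only built-in cmdlets (Get-CimInstance, Get-AuthenticodeSignature, Get-FileHash) and assumes the signer subject for program-signed drivers contains "Windows Hardware Compatibility Publisher", which is the CN Microsoft uses for that certificate. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not code from the article. Enumerates installed kernel drivers,
# verifies each file's Authenticode signature and flags the ones signed through
# Microsoft's hardware compatibility program so their hashes can be compared
# against vendor or threat-intel lists.

function Resolve-DriverPath {
    # Win32_SystemDriver.PathName comes in several shapes:
    #   C:\Windows\system32\drivers\x.sys, \SystemRoot\System32\drivers\x.sys,
    #   \??\C:\...\x.sys, or a path relative to %SystemRoot%. Normalize them.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    if (-not [System.IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-DriverSignatureReport {
    foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
        $path = Resolve-DriverPath $drv.PathName
        if (-not $path -or -not (Test-Path -LiteralPath $path)) { continue }

        $sig     = Get-AuthenticodeSignature -FilePath $path
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        [pscustomobject]@{
            Name   = $drv.Name
            State  = $drv.State            # Running / Stopped
            Path   = $path
            Status = $sig.Status           # Valid, NotSigned, HashMismatch, ...
            Signer = $subject
            # Assumption: program-signed drivers carry this CN in the signer subject.
            WHCP   = ($subject -like '*Windows Hardware Compatibility Publisher*')
            Sha256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

$report = Get-DriverSignatureReport

# Two things worth a look: files whose signature does not verify at all, and
# files attested through the hardware program (the population the article is about).
$report |
    Where-Object { $_.Status -ne 'Valid' -or $_.WHCP } |
    Sort-Object Status, Name |
    Format-Table Name, State, Status, WHCP, Signer, Sha256 -AutoSize
```

A WHCP signature by itself is normal; most third-party drivers on a healthy machine will have it. The point of the report is that the Status column catches tampered or unsigned files, and the Sha256 column gives you something to match against published hashes of drivers that were signed and later found to be malicious.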
Microsoft has long given no fucks about the security of their protocols, collaborating with the NSA to leave vulnerabilities open for exploitation rather than patching them.
Before the NSA was an intelligence gathering network for the DHS, it was responsible for making sure our communications were secure. So when it was supposed to be standardizing communication protocols, it was instead ignoring known vulnerabilities for exploitation and paying off Microsoft not to close them. Of course, Russia, China and Iran would also be aware of these vulnerabilities and how to use them to gain access to presumably secure communications.