Windows Policy Loophole Lets Hackers Install Malicious Kernel Mode Drivers

Microsoft blocked code signing certs, favored by Chinese hackers and devs, for loading malicious kernel mode drivers via a Windows policy exploit.

Windows kernel-mode drivers, at Ring 0, grant the utmost privilege, enabling the following abilities:

- Stealthy persistence
- Undetectable data exfiltration
- Universal process termination

A kernel-mode driver can disrupt the active security tools on a compromised device and perform the following illicit activities:

- Interrupt the security tools' operations
- Turn off the advanced protection capabilities of the security solutions
- Make targeted configuration changes for stealthy evasion

Cybersecurity researchers at Cisco Talos recently reported this issue to Microsoft and stated:

“Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates.
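Because the technique described above hinges on drivers signed with expired certificates and a manipulated signing date, the check a defender wants is an inventory of the kernel-mode drivers currently running, with each driver's Authenticode status, signer certificate validity, and whether the signature carries a countersignature timestamp. The following PowerShell is an added triage example written for this page; it is not code from the GBHackers article, Cisco Talos, or Microsoft. It assumes an elevated shell on a Windows host and uses only the built-in `Get-CimInstance` and `Get-AuthenticodeSignature` cmdlets.

```powershell
# Added example (not from the article or the researchers it cites): list running
# kernel-mode drivers and flag those that are unsigned/invalid, or that are signed
# with an already-expired certificate and have no timestamp countersignature.
# Run from an elevated PowerShell session.

$now = Get-Date

$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName }

$findings = foreach ($d in $drivers) {
    # Win32_SystemDriver may report NT-style paths such as \??\C:\... or \SystemRoot\...;
    # normalize them to Win32 paths so the file can be opened.
    $path = $d.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $sig  = Get-AuthenticodeSignature -FilePath $path
    $cert = $sig.SignerCertificate

    [pscustomobject]@{
        Driver      = $d.Name
        Path        = $path
        Status      = $sig.Status                 # Valid, NotSigned, HashMismatch, ...
        Signer      = if ($cert) { $cert.Subject } else { $null }
        NotAfter    = if ($cert) { $cert.NotAfter } else { $null }
        CertExpired = if ($cert) { $cert.NotAfter -lt $now } else { $null }
        # A timestamp countersignature anchors the signing date to a trusted
        # time source; its absence means the claimed signing date is unverified.
        Timestamped = [bool]$sig.TimeStamperCertificate
    }
}

# Drivers worth a closer look: signature not valid, or an expired signer
# certificate with no trusted timestamp to vouch for when it was signed.
$suspect = $findings | Where-Object {
    $_.Status -ne 'Valid' -or ($_.CertExpired -and -not $_.Timestamped)
}

$suspect | Sort-Object Driver | Format-Table Driver, Status, Signer, NotAfter, Timestamped -AutoSize
```

Treat the output as a triage list rather than a verdict: some legitimate drivers are catalog-signed rather than embedded-signed, and a hit only means the driver deserves a manual look at its publisher, hash, and install history before anything is blocked or removed.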

Source: GBHackers


