349
Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability
(www.theregister.com)
this post was submitted on 12 Mar 2024
349 points (98.1% liked)
Technology
57472 readers
3619 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Microsoft has enforced mandatory digital signatures for drivers, and getting a digital signing key from Microsoft costs a ton of money. So, presumably they do care.
In contrast, consider nProtect GameGuard, the anti-cheat system in Helldivers 2. It is a rootkit, and runs in the kernel. Why does Microsoft permit this? Shouldn't this be blocked? It must be using either an exploit like the article, or a properly signed driver. Either way, Microsoft could fix it -- by patching the exploit, or revoking the signing key.
The fact that Microsoft hasn't done anything about malicious anticheat rootkits is a sign that they really don't care. They just want their payment.
I might be completely wrong, but I've heard that a key is only a few hundred dollars, and once you've got it you can sign whatever you want. I think ReactOS also used to offer free driver signing for open source projects.
So I guess if ReactOS can afford one, so can most anti-cheat companies.
I think what we're trying to say here is FUCK kernel-based anticheat systems!