WHQL Drivers on Windows 10 & Windows 11 Are Malware!

by anaknongkrong
Microsoft

Some time ago Microsoft released the July Cumulative Update to its users, for both Windows 10 and Windows 11.

At around the same time, but separately, the company also announced the latest Safe OS Dynamic update, which is intended to strengthen security mitigations while a device is in Safe Boot mode.

However, it turns out that Microsoft also unintentionally delivered dangerous malware, which came in through drivers it provided. The company might not have known about this if Trend Micro and Sophos had not reported it.

“Microsoft was recently informed that drivers certified by Microsoft’s Windows Hardware Developer Program (MWHDP) were being used maliciously in post-exploitation activity. In these attacks, the attacker gained administrative privileges on compromised systems before using the drivers.

Microsoft has completed its investigation and determined that the activity was limited to the abuse of several developer program accounts and that no Microsoft account compromise has been identified. We’ve suspended the partners’ seller accounts and implemented blocking detections for all the reported malicious drivers to help protect customers from this threat.” Microsoft explained on its official page.

Microsoft also provided further supporting information, such as details of the malware and initial steps to limit its spread. The full explanation follows:

Details

Microsoft was informed that drivers certified by Microsoft’s Windows Hardware Developer Program were being used maliciously in post-exploitation activity. In these attacks, the attacker had already gained administrative privileges on compromised systems prior to use of the drivers. An investigation was performed when we were notified of this activity by Sophos on February 9, 2023; Trend Micro and Cisco subsequently provided reports containing additional details. This investigation revealed that several developer accounts for the Microsoft Partner Center (MPC) were engaged in submitting malicious drivers to obtain a Microsoft signature. All the developer accounts involved in this incident were immediately suspended.

Recommended Actions

Microsoft recommends that all customers install the latest Windows updates and ensure their anti-virus and endpoint detection products are up to date with the latest signatures and are enabled to prevent these attacks.

So if you are using one of those versions, you can go ahead and take the initial steps that Microsoft recommends.
