"Hackers Exploit Windows Policy to Load Malicious Kernel Drivers"

Microsoft has blocked code-signing certificates that were used, mainly by Chinese hackers and developers, to sign and load malicious kernel-mode drivers on compromised systems by exploiting a loophole in a Windows policy.

Kernel-mode drivers run at the highest privilege level on Windows (Ring 0), which gives an attacker full access to the target machine: stealthy persistence, data exfiltration that is hard to detect, and the ability to terminate nearly any process. Even when security tools are running on the compromised device, a kernel-mode driver can interrupt their operation, disable their enhanced protection capabilities, or make targeted configuration changes to avoid detection.

Microsoft introduced policy changes with Windows Vista that restricted how kernel-mode drivers could be loaded into the operating system. This article continues to discuss how hackers exploited a loophole in that Windows policy to load malicious kernel-mode drivers.

Bleeping Computer reports "Hackers Exploit Windows Policy to Load Malicious Kernel Drivers"
