Threat Advisory

Microsoft’s Trusted Signing Service Abused to Sign Malware

Threat: Malware
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

Microsoft’s Trusted Signing service has been exploited to sign malware, allowing attackers to distribute malicious software that appears legitimate. Threat actors abused a feature that lets developers submit unsigned kernel-mode drivers for signing, enabling them to bypass security mechanisms. Researchers discovered multiple cases of this misuse, where signed malware was used to install rootkits and disable security software. Microsoft has since revoked the malicious certificates and tightened security, but the incident raises concerns about the risks of trusted code-signing services.
