With their December 2022 Patch Tuesday updates, industrial behemoths Siemens and Schneider Electric have fixed more than 140 vulnerabilities. Significantly more advisories and vulnerabilities were patched by Siemens.
The business specifically published 20 new advisories that addressed about 140 security holes. Although Microsoft stated on Tuesday that it is taking action to address the issue, it appears that stopping this practice has not been an easy task for the company. Threat actors have used drivers signed by Microsoft in their operations before. Both SentinelOne and Mandiant think that one or more suppliers that specialize in providing these kinds of services may have given the maliciously signed drivers to various threat actors.
Also Read: Strategies to Identify Database Security Threats and Vulnerabilities at Early Stage
SentinelOne noted that the similar functionality and layout of drivers used by various threat groups lend credence to this theory.
Read More: Security Firms Warn Microsoft of Signed Drivers Used to Kill EDR, AV Processes
