Rootkit malware found in signed Windows driver

Microsoft has said that a driver certified by the Windows Hardware Compatibility Program (WHCP) contained rootkit malware, but that the certificate infrastructure was not compromised.

In a statement posted to Microsoft’s Security Response Center, the company confirmed that it had discovered the compromised driver and suspended the account that originally submitted it. As Bleeping Computer notes, this incident was likely caused by a weakness in the code signing process itself.

Microsoft also says that there is no evidence that the WHCP signing certificate was compromised, so it is unlikely that anyone could have forged the certificate.

A rootkit is designed to mask its presence, making it difficult to detect even when it is running. Malware hidden in a rootkit can be used to steal data, modify reports, take control of the infected system, and so on.
