Windows code-signing attacks explained (and how to defend against them)

Learn how code-signing attacks work and how to defend against them. It starts with patching.

A hacker attacks from within a Windows system.
AlphaSpirit / Getty Images

Code signing is a mechanism by which software manufacturers assure their consumers that they are running legitimate software, signed by its manufacturer via cryptography. This ensures that the software release wasn’t tampered with while making its way from the manufacturer to the end-user and is especially relevant when downloading software from third-party websites rather than the manufacturers themselves.

You need to be sure you’re downloading the official release of a software package as shipped by the manufacturer and not an executable that was, say, injected with malware by an attacker.

How code signing works

Digital signatures in this context work by cryptographically signing a file to assure the user that the integrity of this file is intact. To do this, a manufacturer, with a public and private key pair, calculates the hash of the finalized software package and encrypts this hash with their private key.

This encrypted hash bundled with the shipped file enables signature validation utilities installed on the client’s end to check the authenticity of the signature via the corresponding public key. The end result on Windows systems looks like the dialog box below. The .exe file has an embedded digital signature that certifies the file was signed by Microsoft Corporation.

To continue reading this article register now

The 10 most powerful cybersecurity companies