Sophos X-Ops

@SophosXOps

A task force composed of our SophosLabs, SecOps, and SophosAI teams working together towards one goal: protecting our customers.

14-10-2008 00:15:12

16,8K Tweets

75,0K Followers

342 Following


Last year, after stopping an attack, X-Ops discovered the attackers had managed to sabotage endpoint protection tools using a malicious driver signed by Microsoft. We reported the issue to Microsoft and continued to investigate.


But after we published detection signatures that could block the drivers, we were surprised to discover dozens more of the criminal tools had been created and signed -- months earlier than we suspected.


Today, after a monthslong collaboration with Microsoft, they've invalidated this much larger collection of malicious drivers we reported to them as part of the Patch Tuesday release. In total, X-Ops discovered 133 malicious drivers, 100 of which were signed by Microsoft's WHCP.
