[concerned_user]

I also think Microsoft should be responsible, they gave the keys to sign the kernel driver so I expect that driver to at least be subject to regular testing and scrutiny not just when initial release was made.

[Bognar]

They didn't "give the keys", they have a signing infrastructure that is meant to be used for validating organizational identity and origins of code. They have a quality checking system, but it's only required for certain levels of Microsoft backing. I think it used to be called the Windows Logo Program or something?

[LASR]

Signing is meant only to verify the identity of the organization producing the signed artifact.

It’s not meant to signify that it’s bug-free.

[concerned_user]

WHQL signifies it is tested and that driver is WHQL certified.

[Kwpolska]

The issue was caused by a data file, Microsoft is not involved in signing or testing individual data files.

[_flux]

The actual issue was with the signed code reading the data files that the data file update just brought to surface.

But I don't think Microsoft verifies customer code, they might not even have access to it.

[concerned_user]

You are right Microsoft are not checking the 3rd party code itself they are only running a lot of tests on the compiled code.

There is a recent video now from a former Microsoft employee where he explains that those drivers that get WHQL certification are ran on test machines in stress conditions for some time, or at least that is how it used to be when he worked there.

Since that process is probably quite slow to be able to push update within a couple hours Crowdstrike just bypassed the QA testing by injecting their own data files into the driver.

[_flux]

I guess Microsoft testing lacks fuzzing, then—as does Crowdstrike's.