The Windows kernel allows loading drivers signed with revoked certificates. The DirtyMoe driver is signed with revoked certificates as well, and those certificates are also widely abused in other malware. Motivated by these facts, this article analyzes how Windows manages certificate revocation...