Microsoft leaks policy that circumvents Secure Boot

Aug 11, 2016

Microsoft has accidentally leaked a Secure Boot policy that makes it possible to install other operating systems on Windows devices by circumventing Secure Boot. The risk is that rootkits and bootkits can be installed in the same way.

The researchers who discovered the policy write that Microsoft will probably not be able to correct the error. Microsoft's flaw has to do with a new type of 'additional' Secure Boot policy that was added in the Redstone version of Windows. Among other things, this policy does not carry a device ID, and it can therefore be used to allow test signing, as the researchers 'MY123' and 'Slipstream' explain. In this way, an unsigned EFI file can be loaded.

The policy that makes this possible, which the researchers refer to as a "golden key", has been leaked and is available online, The Register reports. As a result, another operating system can be installed on Windows devices such as phones and tablets, which is normally not possible. This is prevented by Secure Boot, which is part of the UEFI firmware. The technique ensures that only signed components are loaded during the boot process. On some devices, such as phones, tablets, Windows RT and the HoloLens, Secure Boot cannot be disabled.

For debugging purposes, however, Microsoft has put a special policy in place, for example to allow operating systems to be tested without having to sign them every time, The Register says. The policy works regardless of the CPU variant and can be applied to both ARM and x86 devices. The fact that Secure Boot can be circumvented in some cases is problematic because it means that attackers can install a rootkit or bootkit.

The researchers contacted Microsoft in March and informed the company of their findings. Initially Microsoft said it would take no action, and the researchers decided to develop a proof of concept. In April, however, the company reversed its earlier decision and paid out a bug bounty. The first patch followed in June, in which a number of policies were added to a blacklist. According to the researchers, however, this fix is easily circumvented by using an earlier bootmgr. This week, Microsoft came out with a second patch, in which various boot managers were revoked. This solution is not workable because not all boot managers can be revoked without causing damage, the researchers said. A third patch is expected.

In their post, they also address the FBI and state that this incident shows exactly why it is not a good idea to create a "secure golden key", for example for encryption. At some point it will, in fact, leak.
