MICROSOFT MISTAKENLY LEAKS SECURE BOOT KEY
Two researchers operating under aliases (my123 and slipstream) this week posted a report—accompanied by a relentless chiptune—that reveals how Microsoft inadvertently published a Secure Boot policy that acts as a backdoor, allowing the UEFI firmware feature to be disabled and anyone to load unsigned or self-signed code.
The gaffe, meant to be a legitimate debugging and testing feature, affects Windows-based devices with Secure Boot on by default; Secure Boot checks that any components loaded during boot are digitally signed (by Microsoft) and verified.
As a result of the error, users can run self-signed binaries on affected devices or install non-Windows operating systems. Worse, the researchers said, is that it’s unlikely Microsoft can clean up this mess. For two months running, Microsoft has published security bulletins on Patch Tuesday that include updates to Secure Boot. Neither, according to my123 and slipstream, has fully addressed this issue. “It’d be impossible in practise for MS to revoke every bootmgr earlier than a certain point, as they’d break install media, recovery partitions, backups, etc,” the researchers wrote in their report.
Source | threatpost