Some Windows devices could be vulnerable to attacks with Secure Boot issue

Two security researchers have publicly revealed issues in the Secure Boot security software that's included in many Windows devices. Attackers could, in theory, exploit this issue and bypass Secure Boot to install bootkits and rootkits on those devices.

The researchers posted their findings on a rather noisy and retro-styled website earlier this week. Microsoft started using Secure Boot with Windows 8, and it is supposed to confirm that the bootloader can only run on that system. It was also designed to keep malware or rootkits from booting on a device.

However, the researchers found that someone had leaked a Microsoft-created policy, meant just for developers for debugging, on the internet:

A backdoor, which MS put into Secure Boot because they decided to not let the user turn it off in certain devices, allows for Secure Boot to be disabled everywhere.

The researchers informed Microsoft of this Secure Boot issue earlier this year. ZDNet reports that Microsoft has since released two patches to fix this issue; one arrived in July and another earlier this week. A third patch is due for release in September. Even with these attempts to solve this problem, the researchers believe it will not be possible to fix this flaw in every Windows device that uses Secure Boot.

John Callaham
44 Comments
  • According to the news articles in Microsoft's own curated news app, these backdoors were added for the benefit of the FBI. Not for developers, as this article suggests. FYI.
  • No point down voting me, I can't do anything about it. Check out the MSN news app yourself. If you don't like it, complain to MS and the FBI. None of it was my doing. We can't really act all surprised. The German government warned us about W10 already, so we were well aware when we installed it.
  • So what are you suggesting, Microsoft filters out news sources that they don't approve of?
  • Farewell to 'secure' Windows Mobile. Good luck for HP selling its super expensive phony.
  • Microsoft is about as secure as a McDonald's play place at this point.
  • Really?!!! It's not like, oh, let's target those HP Elite x3 mobile. Oh wait, they are not close to 1000 units. Come on. I'd like to see them try. It's not like this vulnerability is so easy to do. It's not a walk in the park still. Android may be the most unsecure OS out there.
  • Obama was given an Android phone. I suppose NSA was aware how insecure Windows mobiles are.
  • Please provide us the link to this article instead of telling us to use the MSN news app to look for the article, or at least provide us the title so that we can search for it.
  • The usual clickbait brigade is soaking up the FBI angle despite there being no actual evidence that authorities are involved. You aren't missing anything really.
  • From what I've read on this so far, I'm curious to know more about how one could be affected from a phone standpoint. This would only be something installed onto a phone when there's physical access, correct? I buy some unlocked phones online where the regions do not seal the box, so I'd like to know if I need to take anything else into consideration. Thanks!
  • Secure Boot is not secure any longer. That's a mistake made by MS.
    But that doesn't mean that hackers can use it for malware and virus attacks!
  • Mistake, good one!
  • You mean it was installed to keep people from easily installing Windows 7 on their new Windows 8 or 10 machine that they don't like.
  • The problem with that would be driver support for some devices.
  • Or people could repurpose the old Windows RT tablets and install Android or Linux on them if they wanted to now with the golden key leak. THE HORROR!
  • It's amusing. I've been considering loading Android onto my Lumia 950 (apps ya know, plus there's a certain "It's gotta be possible" factor), and this gets reported. Wonder if this works with phones. Alright screw it, people are down voting me for this. Let's get the number so far into the negative I get permanently banned from mobile nations. It's obviously what you want.
  • How do you even load Android onto a Windows 10 mobile phone? Please enlighten me.
  • I am upvoting the crap out of you! GO for it if you do, I will buy a 950 XL used, and load Android N on it! It will be an AWESOME device... MOZO wood back, Android N with apps, actual usage, and security... as it stands now MS has none and spies on its users more than North Korea does on its citizens!
  • It's not worth the kids toy Android OS.
  • It's much better than the failing POS OS called Windows 10.
  • My first thought when I heard of this news, too. I would install Android to my Surface 2 the very second I am able to do so.
  • Well that's not good.
  • Great. Thanks Nadella!
  • Secure boot already present since Windows 8 bro Posted via the Windows Central App for Android
  • It does work on phones. One of the articles says those guys will release a tool in a week or so, and it will theoretically allow you to install Android in a Lumia 950 or other crazy stuff for example. Haha. I wonder if it can be used to interop unlock Lumia 950 and 950 xl :0 Also the disadvantages would be that maybe reset protection is now worthless even though it was only in USA... I'm not really sure about this though, maybe it doesn't go that far.
  • Yeah because MS made the needed drivers for those people that want to run android on it. Grow up!
  • Great news. Secure boot is stupid and users should be able to disable it anyway. This potentially allows people to install other OSes on Windows RT devices, for example.
  • So for four years we had unsecure boot! Heaven for NSA!
    Thanks Microsoft...
  • The boot is now insecure because they just released the keys for that.
  • So, in layman's terms, what does this all mean (So I can explain it to my non-techie friends) ?
  • I don't know if many people know exactly what this means. It probably means people can boot other OSs. I don't have any clue if malware can use this to exploit boot on a normal machine and inject its malware at start up. But I don't know and the sites reporting this haven't enlightened me on this stuff so hopefully someone will soon so we can really know what the heck is going on.
  • It means it's about time you ditch microdaft for good. That's what it means!
  • In theory this is a big blunder for Microsoft in terms of security. In practice? Probably not so much. In order to take advantage of this: One must still have physical access to the device and have admin privileges. This still doesn't bypass BitLocker encryption of the drive (It's technically possible for a malicious program being loaded into the bootloader to catch the decryption key, but on the surface of this situation any data will still be encrypted and secured). This isn't going to be some virus that can install itself from the internet and spill all your data to the FBI or NSA as so many people are claiming: Someone with malicious intent must physically be in possession of the device. So while this is still bad: Unless you're being targeted directly by the FBI or some other government agency, not too much will come of this aside from maybe some new hacks for Windows devices with ARM architecture. In the meantime, I would advise all drug lords with government agents hot on their trails to not fully trust that their transactional Excel Workbooks are fully secure, might want to password protect it or something. Tl;dr: This is really bad on Microsoft and they should definitely patch it, but for everyday consumers this won't have any major repercussions and it's not so serious that you need to retreat to the nearest electromagnetic-shielded underground bunker immediately or anything like that. Just hope your Surface Book doesn't end up on an FBI agent's desk.
  • You could wrap this as "Windows RT devices being jailbroken" and get more clicks.
  • "Noisy and retro-styled"? Glass houses, man. At least their website doesn't bring my computer to a grinding halt under the crushing weight of more-ads-than-content...
  • What's funny is that Windows Central is smooth and fast on Chrome, however on Edge and IE it's like cold molasses
  • Ikr Posted via the Windows Central App for Android
  • It's super smooth on Edge for me.
  • All software/firmware has bugs/loopholes. That is why we get security updates. Moreover, Secure Boot is a UEFI feature. To completely fix this PC makers need to push out firmware updates. You guys can take the ******** a notch down.
  • Let's see. A SECURITY feature creating specifically a VULNERABILITY. Nah nothing to see here, back to sipping my kool-aid. Did someone say zero-day SSL exploit, or zero-day iOS exploit? What happened when BlackBerry tried to deny governments backdoors? Sorry true believers, there is evil in this world, true story...
  • So this is exactly the same thing as Android being rooted or iOS jailbroken.
  • This opens the door to getting Android on Windows Phone devices. Secure Boot was never about security; it was about stopping people installing other OSes than MS made.
  • I mean, yes... Technically tinkerers could get cracking on forcing Android to boot up on a Lumia 950 or something, but unless they're also writing the drivers for it: I'm not sure it'd necessarily be an ideal experience.
  • Microsoft insiders are now testing patches for this to be released to the general public in about 6-8 months!