By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Sign In
Time puterTime puter
Aa
  • Home
  • Social Media
  • Softwares
  • Gadgets
  • Mobiles
  • Solution
  • Apple
  • News
  • Contact Us!
Reading: ‘Golden keys’ that unlock Windows’ Secure Boot protection discovered
Share
Time puterTime puter
Aa
Search
  • Home
  • Social Media
  • Softwares
  • Gadgets
  • Mobiles
  • Solution
  • Apple
  • News
  • Contact Us!
Have an existing account? Sign In
Follow US
© 2022 Foxiz News Network. Ruby Design Company. All Rights Reserved.
Time puter > Gadgets > ‘Golden keys’ that unlock Windows’ Secure Boot protection discovered
Gadgets

‘Golden keys’ that unlock Windows’ Secure Boot protection discovered

Deep
Last updated: 2016/08/12 at 11:27 AM
Deep Published August 12, 2016
Share
4 Min Read

key antique in lock stock

Microsoft just offered a masterclass on why building back doors into secure systems are a bad idea.

Two security researchers who go by the handles @never_released and @TheWack0lianon Twitter recently announced in a blog post that malicious actors can bypass Windows’ Secure Boot feature on vulnerable machines, as first reported by ZDNet.

If exploited, this would allow bad guys to load all kinds of software on a target machine, from bootkits and rootkits to a completely different operating system. The researchers says they first notified Microsoft about the issue around March-April 2016.

Secure Boot is a feature of the Unified Extensible Firmware Interface (UEFI) that was first added in Windows 8. It makes sure components loaded onto your PC during boot are trusted. The whole point of Secure Boot is to prevent rogue software from loading onto your machine.

Unfortunately, Microsoft created a back door of sorts for Secure Boot by creating a policy that allows developers to load software without the usual integrity checks. The need for such a policy—perhaps better thought of as a rule that governs how Secure Boot operates—was honest enough. Microsoft wanted to allow for testing various builds of Windows without the need for all the usual checks.

As you can imagine, having this policy available to the public would be a very bad idea since it would allow anyone to bypass Secure Boot—thus rendering the feature pointless.

Naturally, the policy leaked online, allowing anyone with enough hacker chops to create malware with it and attack vulnerable machines.

Where it gets really tricky is that some Windows 10 devices can’t turn off UEFI (and thus Secure Boot) to prevent the bypass, such as Windows phones and lowly Windows RT machines.

Update: When approached for comment, a Microsoft spokesperson said the following:

“The jailbreak technique described in the researchers’ report on August 10 does not apply to desktop or enterprise PC systems. It requires physical access and administrator rights to ARM and RT devices and does not compromise encryption protections.”

Microsoft has already released two security patches—one in July and one in August—to try and fix the problem. Apparently, however, these fixes are not completely sufficient, though they do help. Regardless, if you haven’t updated your Windows device in a while, installing both of those updates is important to gain some protection from this potential threat.

The impact on you at home: While this is a particularly nasty security flaw, an attacker still needs either physical access to your PC or administrative privileges for it to be of any use. That means the usual security precautions apply. Always run anti-virus to keep malware seeking to gain administrative access off your machine. Be careful where you go online, and which attachments you open from your email. Never leave your PC unattended in public. Finally, always keep up with the latest security patches for Windows and your installed software—especially your browser.

source”cncb”

TAGGED: 'Golden, boot, discovered, keys, protection, Secure, that, unlock, Windows

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
[mc4wp_form]
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Deep August 12, 2016
Share
Previous Article Ad,blockers,circumvent,Facebook’s,unblockable,ads
Next Article Govt reports on expenditure: Approximately Rs 4135.85 crore spent on 22 IITs, Rs 463 crore on 19 IIMs

Recent Post

  • The Consequences of Ignoring Pregnancy Cravings: Potential Risks and Challenges
  • Navigating Pregnancy After Abdominoplasty: Considerations and Precautions
  • Managing Itchy Breasts During Pregnancy: Causes and Solutions
  • Understanding Eye Twitching During Pregnancy
  • Blessed with a Bundle of Joy: Our Family is Growing!
  • Surprising Dad on Father’s Day with the Best Gift Ever: A New Baby!
  • The Benefits of Using Spider Tape for Pregnancy Support and Comfort
  • Cakes to announce pregnancy: Baby on the Way and a Cake to Match!
Join Us!

Subscribe to our newsletter and never miss our latest news, podcasts etc..

[mc4wp_form]
Zero spam, Unsubscribe at any time.

Removed from reading list

Undo
Welcome Back!

Sign in to your account

Lost your password?