Microsoft accidentally [?] Forgot the code debugging mode that allows circumvent UEFI Secure Boot

Source: xakep.ru

Two independent researchers, known as pseudonyms MY123 and the Slipstream, revealed dangerous error in Windows. The bug allows to bypass Secure Boot feature, which does not install on Windows-based device is a different operating system, and also protects the device against rootkits that can hack bootloader. The researchers write that, in fact, found the universal “golden keys” (golden keys) from the Secure Boot, recall that Microsoft simply can not.

Researchers have notified the developers about the problem in March and April 2016, and Microsoft has twice tried to fix bugs discovered them, but has not yet succeeded. The first patch, MS16-096 (CVE-2016-3287), released in July 2016, but it has not solved the problem through. The second patch, MS16-100 (CVE-2016-3320), was presented at this week, August 9, however, the researchers wrote that the correction happened again incomplete.

MY123 and Slipstream was told that the problem first appeared in Windows 10 v1607 Redstone, when Microsoft has added a new code, additional policy for Secure Boot. With the introduction of this policy is also an opportunity to disable Secure Boot function at all, that is, in this case, no verification at boot time will not be made.

The researchers were able to change the Secure Boot in test mode, called “testsigning”. In fact, it allows anyone who has physical access to the device, download any unsigned files do anything with bootloader or, if desired, generally replace the whole OS entirely. Incidentally, such a possibility can obviously come to mind to users Windows RT and Windows Phone, which in principle can not disable Secure Boot.

Apparently, the policy and the regime - are the remnants debagerskih tools that were used to work on Windows 10, so that it easier for developers to load unsigned drivers. Whatever it was, is now vulnerable to a variety of devices Secure Boot went on sale, and accidentally forgotten your code policy is now a perfect backdoor that allows third parties to access the device.

“It’s ironic that the MS independently provided us with” golden keys “(as the FBI would call them :) By the way, about the FBI.? If you’re reading this reading, here’s a perfect example of why the idea to equip cryptographic backdoor” golden key ” - it is very, very bad people who are smarter than me, long ago told you about this, but it seems that you closed your ears and did not want to hear you really do not understand Microsoft introduced the “gold security key” in the system and now about these!.?. “golden keys” became aware of the foolishness of MS And now once again:.? What would happen if all the force to create a “golden key” to the system, I hope you are able to add up 2 + 2 “, - says the Slipstream.

Meanwhile, researchers published a script to unlock the tablet running on Windows RT-based, so that users do not install the latest patches can be used at its discretion. The researchers also believe that to withdraw all bootmgr and bootmgfw Microsoft simply can not, because then “break” a lot of software, backups, partition recovery and so on.

12 August 2016

Hacker taught a good lesson cheater, forcing him to set the cipher Locky
“Kaspersky Lab” has developed its own operating system

• Recommended update KB3133977 disables some computers to Windows 7 64-bit »»»
Everyone knows what the Microsoft's efforts, to translate the customer base to the new operating system Windows 10.
• Users of Windows 10 can be a digital slaves Microsoft »»»
Release of the new operating system from Microsoft waited by millions of users worldwide.
• The development of Windows 8 »»»
Today, the Windows team blog 8 LeBlan Brandon said that the development of the new Windows is completed.
• Chinese authorities prefer Windows 7 due to backdoors in Windows 8 and Windows 8.1 »»»
According to local media, the municipal government of China intend to abandon the use of operating systems, Windows 8 and Windows 8.
• Empfohlene Update KB3133977 deaktiviert einige Computer auf Windows 7 64-bit »»»
Jeder weiß, was die Microsofts Bemühungen, die Kundenbasis auf das neue Betriebssystem Windows 10.


Copyright © 2009
IT-Новости / Dig-Life