New vicious UEFI bootkit vuln found for Windows 8

[ZeroDay]

Security researchers have discovered security shortcomings in Windows 8 that create a means to infect the upcoming operating system with rootkit-style malware.

Italian security consultants ITSEC discovered the security hole following an analysis of the Unified Extensible Firmware Interface (UEFI), a successor to the legacy BIOS firmware interface, that Microsoft began fully supporting with 64-bit versions of Windows 7.

ITSEC analysed the UEFI platform now that Microsoft has ported old BIOS and MBR's boot loader to the new UEFI technology in Windows 8. Andrea Allievi, a senior security researcher at ITSEC, was able to use the research to cook up what's billed as the first ever UEFI bootkit designed to hit Windows 8. The proof-of-concept malware is able to defeat Windows 8's Kernel Patch Protection and Driver Signature Enforcement policy

Article

 

[Ink]

I read the article, but if SecureBoot is enabled this POC bootkit doesn't affect Windows 8 UEFI?

And is SecureBoot the technology that prevents Linux (ie. another OS) being installed?

 

[ZeroDay]

1) Yes I believe that is correct.

2) From what I've read secure boot just requires others OS's to provide a certificate, I know Ubuntu have taken that route.

 

[InternetChicken]

Thanks ZeroDay

 

[Nikos]

Guys what exactly i a bootkit?

Can you explain please in simpler words?

 

[ZeroDay]

Guys what exactly i a bootkit?

Can you explain please in simpler words?

See here