By Eduard Kovacs on August 10, 2016
Microsoft has been attempting to patch a serious Secure Boot vulnerability that can be exploited to bypass the security feature and install rootkits and bootkits on Windows devices. Researchers believe the security flaw cannot be fully patched.
On systems where Secure Boot is locked down and cannot be disabled (e.g. Windows RT, HoloLens, Windows Phone), configuration changes can be made using policies, which are signed files that the boot manager (bootmgr) loads from a UEFI variable. Some boot loader executables (EFI files) signed by Microsoft can be used to provision such policies.
Before loading a policy, bootmgr checks it to make sure it’s valid. However, researchers discovered that Microsoft introduced a new type of Secure Boot policy during the development of Windows 10 Anniversary Update (v1607) that can be abused to bypass the security feature.