Hackers say Microsoft can’t revoke leaked Secure Boot policies

Madeleine Dean By: Madeleine Dean
2 minute read

Home » News » Hackers say Microsoft can’t revoke leaked Secure Boot policies

Back in July, we reported that Microsoft had managed to fix a major security vulnerability that would have allowed hackers to unlock Windows RT tablets and run non-Windows operating systems. According to recent reports, it appears the security patch wasn’t that successful, with the vulnerability still able to be exploited.

Microsoft’s firmware incorporates a feature called Secure Boot which allows devices to only boot up operating systems cryptographically signed by the tech giant. The Secure Boot feature is activated during early startup by the Windows boot manager. But there is a way to disable Secure Boot check using a special policy known as “the golden backdoor key”. If users manage to get their hands on this policy and install it on their devices, then the Windows boot manager will boot any operating system they want.

The tech giant is desperately trying to patch this vulnerability, but some hackers say it’s impossible for Microsoft to invalidate the leaked keys.

[…] Either way, it’d be impossible in practice for MS to revoke every bootmgr earlier than a certain point, as they’d break install media, recovery partitions, backups, etc.

This major vulnerability also revives the debate around the secure golden key feature started by intelligence and security services. Long story short, security services have long pushed software giants to implement a secure golden key system that could grant investigators full access to user computers. But such universal keys can easily fall into the wrong hands, as ethical hackers warn:

A backdoor, which MS put in to secure boot because they decided to not let the user turn it off in certain devices, allows for secure boot to be disabled everywhere! You can see the irony. Also the irony in that MS themselves provided us several nice “golden keys” (as the FBI would say 😉 for us to use for that purpose 🙂 About the FBI: are you reading this? If you are, then this is a perfect real world example about why your idea of backdooring cryptosystems with a “secure golden key” is very bad! […] You seriously don’t understand still? Microsoft implemented a “secure golden key” system. And the golden keys got released from MS own stupidity. Now, what happens if you tell everyone to make a “secure golden key” system?

For the time being, Microsoft is silent as always and has yet to issue any comment on this matter.

The entire report published by the two white hat hackers who  investigated this vulnerability is available online.

RELATED STORIES YOU NEED TO CHECK OUT:

Discussions

Next up

How to fix corrupt Outlook distribution lists in 3 easy steps

Aleksandar Ognjanovic By: Aleksandar Ognjanovic
2 minute read

Distribution list or contacts list is an important shortcut allowing Outlook users to send email to multiple recipients without adding contacts individually. However, some users […]

Continue Reading

How can I fix Netflix error H7353 on Windows 10?

Aleksandar Ognjanovic By: Aleksandar Ognjanovic
5 minute read

Netflix is certainly the most popular streaming service at the moment. With hundreds of TV shows, movies, and documentaries. A lot of them in their […]

Continue Reading

Mic not working in Windows 10 Xbox app? Here are 7 fixes

Aleksandar Ognjanovic By: Aleksandar Ognjanovic
5 minute read

The Xbox app for Windows 10 was intended as a cross-platform all-in-one gaming hub. However, since its ascension, it hasn’t worked all that great, both […]

Continue Reading