Microsoft FUBARs Windows Secure Boot for all eternity

[Grall]

MS mistakenly includes backdoor "key" on some of its devices; can bypass secure boot protection on ANY windows 8.1+ device; PCs, tablets, phones... Also; showed reluctance to acknowledge goof-up.

Arguably we're actually less secure now than we were without windows "secure" boot, because now there's false sense of security, and MS is allegedly unable to close the loophole because doing so would kill compatibility with bootable installation media, restore partitions and such.

 

[Malo]

Interesting article, thanks. Been reading up on it as well. It looks to be definitely a goof on a rather grand scale.

 

[Silent_Buddha]

It's actually not a golden key or a signing key of any sort. The article title is misleading in that respect. Although the security hole is real.

http://arstechnica.com/security/201...u-leaks-golden-key/?comments=1&post=31693939#

That comment on the post also contains the actual security researcher's notes on this security hole.

It affects secure boot devices but only if certain versions of Windows 10 (v1511 and earlier) are installed. Or more correctly the bootmgr from Windows 10 v1511 or earlier must be installed.

So basically Windows 8.0, 8.1 and Windows 10 v1607 and above aren't affected.

The problem is that you can still install the bootmgr from an earlier version of Windows 10. I don't know if you can do that on a Windows 8.0 or 8.1 device without first upgrading to Windows 10.

Regards,
SB

 

[BRiT]

To be pedantic, you're not any less secure with this hole and secure boot than you are without secure boot. It's only the perception of security when you're not guaranteed to be secure that is an issue.

 

[AlNom]

What is secure booty and are there sharpies involved.

 

[orangpelupa]

So, android can come to lumia? Blow that secure boot wide open, hack android into it.

If too hard, try adding one more person to type on the keyboard.

 

[Albuquerque]

The problem is that you can still install the bootmgr from an earlier version of Windows 10. I don't know if you can do that on a Windows 8.0 or 8.1 device without first upgrading to Windows 10

Yeah, the Win10 bootloater (BCD) can be used to boot any NT6 kernel-based operating system, and (unless they've changed it recently) can even be used with the backwards compatibility flag to boot NTLDR-based NT5 operating systems (XP.)

In $job-2 we purposefully used a Windows 7 BCD-based bootloader to boot our XP-based "POSReady2009" operating system images -- because it allowed us to hide an alternate boot strategy which could load our WIndowsPE-based recovery image process from a secondary partition. Needed the new boot loader for modern WinPE, and needed NTLDR for the crap, old XP-based primary OS.

We actually used a Win7-based PE image to lay down the ancient XP crap, lulz. The glory of using old, shite 3rd party off-the-shelf Point Of Sale (truly a POS in two figurative senses!) and their dependence on old, shite operating systems.

Edit: Yup, NT5 / NTLDR is still supported as a boot method in the Win10 Anniversary flavor of BCDEdit. bcdedit /create {NTLDR} /d "XP will nevAR DIE!"