Jump to content

Microsoft Mistakenly Leaks Secure Boot Key


Recommended Posts

This is serious for all users of Windows both PCs and phones, all form factors. Apparently some yo-yo at Microsoft (who should be hung) distributed the MS keys to defeat secure boot. Folks may remember the brouhaha over a smart phone the FBI wanted Apple to provide a key for to defeat security in the future, a golden key as the FBI called it. Apple refused and also refused to put a back door in iOS for future use.


While the Microsoft current debacle just smacks of stupidity, or malicious employee actions, it points up the very real dangers of having a backdoor or "golden key" for developers. Now we all are vulnerable. (Except maybe Windows 7 systems without the secure boot hardweare and software?)


This affects all PCs and Phones using Windows. Microsoft has already tried to patch with limited success and is working on it.


No excuse for this.




"Opponents of the government’s constant talk about intentional backdoors and exceptional access finally may have their case study as to why it’s such a bad idea.


Two researchers operating under aliases (my123 and slipstream) this week posted a report—accompanied by a relentless chiptune—that reveals how Microsoft inadvertently published a Secure Boot policy that acts as a backdoor that allows for the UEFI firmware feature to be disabled and for anyone to load unsigned or self-signed code.


The gaffe, meant to be a legitimate debugging and testing feature, affects Windows-based devices with Secure Boot on by default; Secure Boot checks that any components loaded during boot are digitally signed (by Microsoft) and verified. As a result of the error, users can run self-signed binaries on affected devices or install non-Windows operating systems.


Worse, the researchers said, is that it’s unlikely Microsoft can clean up this mess. For two months running, Microsoft has published security bulletins on Patch Tuesday that includes updates to Secure Boot. Neither, according to my123 and slipstream, has fully addressed this issue.


“It’d be impossible in practise for MS to revoke every bootmgr earlier than a certain point, as they’d break install media, recovery partitions, backups, etc,” the researchers wrote in their report.


Microsoft did not respond to a request for comment in time for publication."


Links to the original researchers reports with the bad music in the background can be found, along with more details in the original Threatpost article here: https://threatpost.com/microsoft-mistakenly-leaks-secure-boot-key/119828/

http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998

When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius


“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

RVers Online University



RV Destinations

Find out more or sign up for Escapees RV'ers Bootcamp.

Advertise your product or service here.

RVTravel.com Logo

  • Create New...