Microsoft Denies Windows PC Secure Boot Compromise
Anonymous security researchers are claiming that Microsoft has compromised the Windows "secure boot" protection scheme.
The researchers, going by the names of "my123" and "slipstream," posted a technical explanation of the problem, claiming that a "test-signing" capability provides a means for compromising secure boot because of a change Microsoft made with the latest Windows 10 release, code-named "Redstone." In essence, it created a "golden key" for bypassing secure boot, they claimed.
The researchers said that Windows 10 "Redstone" has a supplemental boot-manager policy that gets merged with the older Windows 10 "Threshold 2" boot-manager policy. That's a problem because "an attacker can just replace a later bootmgr with an earlier one," the researchers claimed.
Microsoft issued two patches, MS16-094 in July and MS16-100 in August, to address the issue, but the "blacklisting" performed by these patches won't work if the boot manager gets rolled back to the Threshold 2 policy, the researchers contended. It's an enduring issue because "it'd be impossible in practice for MS to revoke every bootmgr earlier than a certain point, as they'd break install media, recovery partitions, backups, etc.," the researchers stated.
The researchers said that they had notified the Microsoft Security Response Center about the problem in March, but Microsoft initially wouldn't address the issue. In July, though, Microsoft awarded the researchers a bug bounty, the researchers claimed. That's hard to verify since Microsoft's security research credit page notably doesn't list credits for the MS16-094 and MS16-100 patches. Both patches are rated by Microsoft as "Important."
Microsoft apparently doesn't agree with the anonymous security researchers' claims about secure boot being compromised. At least, Microsoft denies that x86-based PCs are compromised.
"The jailbreak technique described in the researchers' report on August 10 does not apply to desktop or enterprise PC systems," a Microsoft spokesperson stated via e-mail. "It requires physical access and administrator rights to ARM and RT devices and does not compromise encryption protections."
The secure boot protection scheme is designed to ensure that the software run during a computer's bootup is trusted software. It uses keys stored in the computer's firmware to verify the signatures of boot components, warding off potential "bootkit"- or "rootkit"-style malware infections. Present-day antimalware software used with BIOS-based computer systems can't detect these rootkits. Secure boot is a capability of newer Unified Extensible Firmware Interface (UEFI)-based machines rather than the older BIOS-based ones.
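The two mechanisms the article describes, a firmware signature check on boot components and a patch that "blacklists" specific boot-manager builds, can be modelled in a few dozen lines. The following Python is an added toy model written for this article; it is not Microsoft's code and does not use UEFI's real data structures (Authenticode signatures, the db/dbx variables). The keyed hash standing in for a signature, the signer secret, the image bodies and the min_version "rollback floor" are all constructed assumptions. The model shows why a hash blacklist only stops builds the vendor has explicitly listed, whereas a monotonic version floor also rejects earlier builds it has never seen, at the cost the researchers point to: older install media and recovery images stop booting.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Tuple

# Constructed signer secret standing in for the vendor's signing key. Real
# Secure Boot uses X.509 certificates and Authenticode; a keyed hash is used
# here only so the model runs offline.
SIGNER_SECRETS = {"vendor-prod": b"constructed-prod-secret"}


@dataclass(frozen=True)
class SignedImage:
    name: str
    version: int      # build/policy version carried by the image (assumption)
    body: bytes       # constructed image contents
    signer: str
    tag: str          # toy signature over the body

    def digest(self) -> str:
        return hashlib.sha256(self.body).hexdigest()


def sign_image(name: str, version: int, body: bytes, signer: str) -> SignedImage:
    tag = hashlib.sha256(SIGNER_SECRETS[signer] + body).hexdigest()
    return SignedImage(name, version, body, signer, tag)


@dataclass
class Firmware:
    trusted_signers: set
    forbidden_hashes: set = field(default_factory=set)  # hash blacklist (dbx-like)
    min_version: int = 0  # hypothetical monotonic floor, not a real UEFI variable


def signature_ok(fw: Firmware, img: SignedImage) -> bool:
    """Toy signature check: signer must be trusted and the tag must match the body."""
    if img.signer not in fw.trusted_signers:
        return False
    expected = hashlib.sha256(SIGNER_SECRETS[img.signer] + img.body).hexdigest()
    return hmac.compare_digest(expected, img.tag)


def verify_blacklist_only(fw: Firmware, img: SignedImage) -> Tuple[bool, str]:
    """Accept any validly signed image whose hash is not explicitly blacklisted."""
    if not signature_ok(fw, img):
        return False, "bad signature or untrusted signer"
    if img.digest() in fw.forbidden_hashes:
        return False, "image hash is blacklisted"
    return True, "accepted"


def verify_with_rollback_floor(fw: Firmware, img: SignedImage) -> Tuple[bool, str]:
    """Same as above, plus reject any image older than the firmware's version floor."""
    ok, why = verify_blacklist_only(fw, img)
    if not ok:
        return ok, why
    if img.version < fw.min_version:
        return False, f"version {img.version} below floor {fw.min_version}"
    return True, "accepted"


def demo() -> Dict[str, bool]:
    fw = Firmware(trusted_signers={"vendor-prod"})
    old_known = sign_image("bootmgr", 1, b"old build the vendor knows about", "vendor-prod")
    old_unknown = sign_image("bootmgr", 1, b"old build shipped on install media", "vendor-prod")
    patched = sign_image("bootmgr", 2, b"patched build", "vendor-prod")
    # The patch blacklists the one old build the vendor chose to revoke ...
    fw.forbidden_hashes.add(old_known.digest())
    # ... while a rollback floor would reject every build below version 2.
    fw.min_version = 2
    return {
        "patched/blacklist": verify_blacklist_only(fw, patched)[0],
        "old_known/blacklist": verify_blacklist_only(fw, old_known)[0],
        "old_unknown/blacklist": verify_blacklist_only(fw, old_unknown)[0],  # slips through
        "old_unknown/floor": verify_with_rollback_floor(fw, old_unknown)[0],
        "patched/floor": verify_with_rollback_floor(fw, patched)[0],
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:24s} {'ACCEPT' if accepted else 'REJECT'}")
```

Running the script shows the unknown old build accepted by the blacklist check and rejected by the version floor. The floor is not a free fix: with min_version set to 2, every validly signed boot manager from before the patch, including the ones on recovery partitions and install media, is refused, which is the trade-off the researchers describe.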
Microsoft declared its support for secure boot for all new Windows machines in 2011. That backing elicited discussions among Linux developers, since it was thought that operating systems would be required to be signed to new hardware, which could be a stumbling block for Linux distro developers.
Secure boot has some obvious security benefits. Microsoft seems to be denying it's been compromised for PCs, but it didn't deny potential issues for Windows RT devices.
Software security firm Qualys hasn't tested the secure boot patches in its labs yet, but Amol Sarwate, director of Vulnerability Labs at Qualys, concurred that only Windows RT devices could be affected.
"The impact is on Windows RT tablets and phones where disabling Secure Boot is not otherwise possible without the leaked policy (i.e. golden key) signed by Microsoft," Sarwate said, via e-mail. The attacker would have to have physical access to the device, he added.
"My guess is that it is unlikely that enterprise PCs are locked down by Secure Boot, so I don't see it having a huge impact on that front," Sarwate said. "But organizations that use any Windows phone or RT devices should take note, as users could install the magic policy which will make the boot manager not verify that it is booting an official Windows operating system."
At that point, it would be possible to install an operating system and "try to access data on the device," he added.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.