Tuesday, August 16, 2016

Oops! Microsoft acciedntally leaks back door keys to bypass UEFI Secure Boot

The issue actually resides in the Secure Boot policy loading system, where a specially signed policy loads early and disables the operating system signature checks, the reg reports.

This specific Secure Boot policy was created and signed by Microsoft for developers, testers, and programmers for debugging purposes.
"During the development of Windows 10 v1607 'Redstone,' MS added a new type of secure boot policy. Namely, "supplemental" policies that are located in the EFIESP partition…" researcher said.
"...a backdoor, which MS put into secure boot because they decided to not let the user turn it off in certain devices, allows for secure boot to be disabled everywhere!"
Yesterday, Microsoft released August Patch Tuesday that includes a security patch for designing flaw in Secure Boot for the second time in two months, but unfortunately, the patch is not complete.

thehackernews.com  10 Aug 2016

And whoever said there are no back doors in 'their' operating systems is a liar.
The company's sometimes shortened name MS should stand for Mass Surveillance. 

No comments: