430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Backdoor keys allow attackers to the bypass UEFI Secure Boot

Once again Microsoft failed in fixing a severe Secure Boot vulnerability that can be exploited to install rootkits on Windows devices. Microsoft has accidentally leaked the Secret keys to Bypass UEFI Secure Boot. The Secure Boot is a UEFI (Unified Extensible Firmware Interface) feature that should prevent the execution of unauthorized code during the boot process. The […]

Backdoor keys allow attackers to the bypass UEFI Secure Boot

Once again Microsoft failed in fixing a severe Secure Boot vulnerability that can be exploited to install rootkits on Windows devices.

Microsoft has accidentally leaked the Secret keys to Bypass UEFI Secure Boot. The Secure Boot is a UEFI (Unified Extensible Firmware Interface) feature that should prevent the execution of unauthorized code during the boot process. The Secure Boot is implemented in devices running Windows 8 and later, it ensures that every component loaded at boot is trustable because it is signed and validated.

The Secure Book prevents rootkit infections and also prevents the execution of non-Microsoft operating system on the device.

The Secret keys were disclosed by two security researchers, using the monikers MY123 and Slipstream.

The security duo discovered that Microsoft introduced a new policy for the Secure Boot during the development of Windows 10 Anniversary Update (v1607).

The experts discovered that the new policies, called “supplemental” policies, are loaded by the boot manager without implementing the proper checks.

The supplemental policy was implemented to allow developers to install self-signed third-party drivers on a Windows machine, the feature is also known as “test-signing.”

An attacker can exploit this feature to bypass the Secure Boot and load a rootkit at the device boot.

“The “supplemental” policy does NOT contain a DeviceID. And, because they were meant to be merged into a base policy, they don’t contain any BCD rules either, which means that if they are loaded, you can enable testsigning. Not just for windows (to load unsigned driver, ie rootkit), but for the {bootmgr} element as well, which allows bootmgr to run what is effectively an unsigned .efi (ie bootkit)!!! (In practise, the .efi file must be signed, but it can be self-signed) You can see how this is very bad!!” reads a blog post published by Slipstream. “A backdoor, which MS put into secure boot because they decided to not let the user turn it off in certain devices, allows for secure boot to be disabled everywhere!”

Secure boot uefi

The bad news for Microsoft is that it is impossible to fully revoke the leaked keys, this means that any Windows-based device can be potentially unlocked due to the presence of the backdoor.

Microsoft has recently released the August Patch Tuesday that tried to fix the issue in the Secure Boot, but for the second consecutive month, it evidently has failed.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Secure Boot, Microsoft)