CONNECT WITH US
Gaming

Gaming

Turns out Microsoft's Secure Boot was little better than a busted lock for about a decade

Published on

Add as a preferred source on Google
Turns out Microsoft's Secure Boot was little better than a busted lock for about a decade

Software development, much like making a stew that's a perfect umami bomb in every bite, is a tricky business. Every major commercial product is touched by many hands, and sometimes the chefs leave cardamom and bay leaves in the mix. Okay, perhaps I've overstretched the metaphor—what you need to know is that apparently Microsoft's Secure Boot was basically busted for the last decade.

Rather than leftover bones in the broth, old system images could be exploited to bypass a system's motherboard-level protection to execute dubious code during system boot. It's bad enough that this effectively makes Secure Boot redundant, but worse still, any malicious firmware installed this way could then survive swapping out the hard drive or persist past reinstalling your operating system.

The affected images were UEFI shim bootloaders, which were first introduced to extend Secure Boot support to Linux devices (though they can also be installed on Windows devices). ESET researchers identified and reported 11 of these vulnerable shims back in February. Microsoft has revoked the permission it once granted to the affected shims, so that bad actors can't continue to leverage them as a bypass (via Ars Technica).

At the risk of oversimplifying, 'Unified Extensible Firmware Interface (UEFI)' is a firmware architecture spec that initialises hardware and then allows it to transfer control to your OS during startup. As a safety precaution designed to root out boot kits, Secure Boot requires a cryptographically signed certificate from UEFI apps before they can run.

Shims, then, are little bridges of code that allow a motherboard's UEFI firmware to communicate with operating systems like Linux. Shims allow Linux to boot with Secure Boot enabled, without also requiring a key for every distro to be registered within your motherboard's NVRAM settings.

Third-party boot components, like shims, are often signed with the 'Microsoft Corporation UEFI CA 2011' certificate so that they play nice with Secure Boot. You may remember that some of the 2011 certificates used by anti-cheat software expired recently.

Anyway, the vulnerabilities resulting from these old shims affected both Linux and Windows users. The 11 shims were part of various tools and software packages, including Linux distros and PC diagnostics software (CERT has compiled a helpful list). Another twist in the tale is that bad actors could also introduce their own copy of an affected shim to a vulnerable system.

Microsoft only revoked the shims' permissions in June's monthly patch release. It's all well and good staying on top of these updates, but ESET have highlighted that at least one of the vulnerabilities they reported had already been well documented a decade ago. The fact that it lingered on for so long, without its permissions being revoked, feels like a huge oversight on Microsoft's part.



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It's possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.