Software giant Microsoft accidentally leaked a firmware component that provides backdoor access to its devices. These secret keys allow hackers to unlock devices protected by the UEFI (Unified Extensible Firmware Interface) Secure Boot feature. The tool has been dubbed the “golden keys”, and anyone who has it can load any operating system on a restricted Windows device. This means that one can load Android or Linux onto a Windows Phone, Windows RT tablet or HoloLens.
Someone with malicious intent can also load a rootkit to gain full control over the system. Interestingly, Microsoft designed this tool for internal debugging, to be used by its engineers to authenticate OS boots with Microsoft-approved software, but the code was uncovered by security researchers going by the aliases “MY123” and “Slipstream”, who found it pre-loaded on Microsoft devices.
Microsoft issued a patch for this vulnerability in June-July, but it did not prove adequate, and the company released another patch in August. The August patch does not affect the policy flaw; it simply removes access to select bootmgr systems. As a result, a third update is expected to address this issue in September.
[PasteBin via Fortune, Hacker News]