Home » Welcome / open talk

'Secure Boot'-Enabled Windows Devices May Be Permanently Vulnerable Due To 'Golden Key' Backdoor, Say Researchers

 
Thu, 08/11/2016 - 3:22pm

by Lucian Armasu August 11, 2016 at 1:40 PM - Source: Rol

Updated, 9/11/2016, 11:20am PT: Microsoft sent us a statement shortly after we published this article. The statement is below, and we've adjusted the article copy to reflect the new information.

“The jailbreak technique described in the researchers’ report on August 10 does not apply to desktop or enterprise PC systems. It requires physical access and administrator rights to ARM and RT devices and does not compromise encryption protections," said a Microsoft spokesperson.

Two security researchers, MY123 and Slipstream, uncovered multiple security vulnerabilities in Microsoft’s Secure Boot policies on Windows 8, Windows 8.1, and Windows 10 devices. The flaws can now allow anyone to unlock devices that were supposed to load only the signed Windows operating system. Because Secure Boot can now be bypassed, it also means the devices are vulnerable to bootkit and rootkit types of malware, much like PCs were in the pre-Secure Boot era.

http://www.tomshardware.com/news/windows-secure-boot-golden-...

‹ has anyone used UPS follow my delivery? text to upi file converter ›
--
Never argue with a pig. It makes you look foolish and it anoys the hell out of the pig!
Thu, 08/11/2016 - 3:41pm

my backdoor

While reading this I began to get a feeling of vulnerability in my backdoor until realizing that Windows 7 is not mentioned!

dobs108 mrgreen

Thu, 08/11/2016 - 3:45pm

I'm

I'm confused, which isn't that unusual but if this statement says what I think it says:

"The jailbreak technique described in the researchers’ report on August 10 does not apply to desktop or enterprise PC systems"

why is this a news worthy item to any regular PC user. confused

--
Nuvi 350, 760, 1695LM, 3790LMT, 2460LMT, 3597LMTHD, DriveLuxe 50LMTHD, DriveSmart 61, Garmin Drive 52, Garmin Backup Camera 40 and TomTom XXL540s.
Thu, 08/11/2016 - 6:38pm

It isn't newsworthy for regular PC users because...

...the persons who found this exploit tested it on a Surface RT, which would be running Windows RT, not 10. Windows RT is discontinued, and RT devices cannot be upgraded to 10.

--
"Anyone who is capable of getting themselves made President should on no account be allowed to do the job." --Douglas Adams
Fri, 08/12/2016 - 9:58am

And

Anytime I hear "JAILBREAK" it reminds me of someone illegally accessing or bypassing certain features on devices !

--
Nuvi 2797LMT, DriveSmart 50 LMT-HD, Using Windows 10. DashCam A108C with GPS.
Fri, 08/12/2016 - 10:19am

Thanks for the info!

Thanks for the info!

--
an94
Fri, 08/12/2016 - 4:42pm

I'm impressed with the speed of update!!!

WOW, notice the first sentence......

"Updated, 9/11/2016, 11:20am PT: Microsoft sent us a statement shortly after we published this article."

They are able to update almost a month before it occurs. LOL

Fri, 08/12/2016 - 5:44pm

What was that?

garymcq wrote:

WOW, notice the first sentence......

"Updated, 9/11/2016, 11:20am PT: Microsoft sent us a statement shortly after we published this article."

They are able to update almost a month before it occurs. LOL

Didn't the article originally get published on Aug 11th (08/11) and the update was on Sept 11th (09/11)? Isn't that a month after the article was published, not a month before?

--
Nuvi 350, 760, 1695LM, 3790LMT, 2460LMT, 3597LMTHD, DriveLuxe 50LMTHD, DriveSmart 61, Garmin Drive 52, Garmin Backup Camera 40 and TomTom XXL540s.
Fri, 08/12/2016 - 6:11pm

regarding OOPS

t923347 wrote:
garymcq wrote:

WOW, notice the first sentence......

"Updated, 9/11/2016, 11:20am PT: Microsoft sent us a statement shortly after we published this article."

They are able to update almost a month before it occurs. LOL

Didn't the article originally get published on Aug 11th (08/11) and the update was on Sept 11th (09/11)? Isn't that a month after the article was published, not a month before?

Written 12 August 2016
I think garymcq is amused because
11 September 2016
is somewhat in the future

Perhaps MS have constructed a time machine, one of the major problems encountered in time travel is not that of becoming your own father or mother. There is no problem in becoming your own father or mother that a broad-minded and well-adjusted family can't cope with.

The major problem is simply one of grammar, and how to describe something that was about to happen to you in the future before you avoided it by time-jumping backward for a month, or something that happened to you in your personal past, which because of recent travel to the past is now in the future for the rest of the world.

--
the title of my autiobiography "Mistakes have been made"
Fri, 08/12/2016 - 7:25pm

Your right

Your right, I was so hung up on understanding the day and month numbers that I didn't take into account the year which put Sept in the future. Silly me. rolleyes

--
Nuvi 350, 760, 1695LM, 3790LMT, 2460LMT, 3597LMTHD, DriveLuxe 50LMTHD, DriveSmart 61, Garmin Drive 52, Garmin Backup Camera 40 and TomTom XXL540s.
Fri, 08/12/2016 - 8:39pm

um...

I'm sure the date was just a finger check..

it happens to the best of us, and I missed it too

--
Never argue with a pig. It makes you look foolish and it anoys the hell out of the pig!
Sat, 08/13/2016 - 8:05am

Nope

Nope, Its a time machine

razz

--
the title of my autiobiography "Mistakes have been made"