Microsoft Accidentally Leaks Golden Key To Windows Secure Boot Fortress Of Solitude, Damage Likely Irreversible


Someone at Microsoft is having one of those Southwest moments where the airlines asks, "Want to get away?" That's because someone at the Redmond outfit leaked a security key that could allow attackers to bypass the protections in Windows devices that are put in place through Secure Boot. Worse yet, now that the genie's out of the bottle, there's no putting it back in.

Security researchers MY123 and Slipstream discovered the so-called golden key that they say allows someone with admin rights or with physical access to a system to bypass Secure Boot to install and run their operating system of choice, be it Linux or whatever. But beyond that, someone with malicious intentions could plant bootkits and rootkits at deep levels.

Let's backup a moment. Secure Boot is a highly touted security of the Unified Extensible Firmware Interface (UEFI) that's replacing traditional Basic Input/Output Systems (BIOSes). When firing up a PC, Secure Boot ensures that only software that is trusted by the manufacturer and signed with a key that's certified by Microsoft is loaded. It does this by checking the signature of each piece of boot software, including firmware drivers and OS, and if they check out the PC boots, forfeiting control to the OS.

Broken Key

What the security researchers discovered is essentially a backdoor, which itself amounts to a golden key to the kingdom. They posted details of the exploit on a rather quirky website with background music and moving text that might make some people nauseous. It's an interesting (albeit lengthy) read, and they point they want to get to across is that backdoors as endorsed by the FBI are bad for security. Here's what they wrote on the topic.
A backdoor, which MS put into Secure Boot because they decided to not let the user turn it off in certain devices, allows for Secure Boot to be disabled everywhere! You can see the irony. Also the irony in that MS themselves provided us several nice 'golden keys' (as the FBI would say for us to use for that purpose.

About the FBI: are you reading this? If you are, then this is a perfect real world example about why your idea of backdooring cryptosystems with a 'secure golden key' is very bad! Smarter people than me have been telling this to you for so long, it seems you have your fingers in your ears.

You seriously don't understand still? Microsoft implemented a 'secure golden key' system. And the golden keys got released from MS own stupidity. Now, what happens if you tell everyone to make a 'secure golden key' system? Hopefully you can add 2+2..

Presumably the golden keys exist for debugging purposes, allowing programmers to test new builds on devices like HoloLens. But in the wrong hands, the golden keys put every Windows device at risk. The good news is the researchers informed Microsoft of this several months ago and after initially decided to ignore the issue, the company awarded a bug bounty and pushed out a pair of patches. Unfortunately, the patches don't fully resolve the problem.


A Microsoft spokesperson provided the following statement to HotHardware:

The jailbreak technique described in the researchers’ report on August 10 does not apply to desktop or enterprise PC systems. It requires physical access and administrator rights to ARM and RT devices and does not compromise encryption protections."

Show comments blog comments powered by Disqus