Microsoft Secure Boot key debacle causes security panic

Security failures have created "golden keys" which unlock Windows devices protected by Secure Boot. [Updated]
Written by Charlie Osborne, Contributing Writer

[Update 9.00GMT: Microsoft statement]

Microsoft has accidentally leaked the keys to the kingdom, permitting attackers to unlock devices protected by Secure Boot -- and it may not be possible to fully resolve the leak.

The design flaw in the Windows operating system can be used to unlock Windows devices, including smartphones and tablets, which are otherwise protected by Secure Boot in order to run operating systems other than Windows on locked down systems.

This, in turn, allows someone with admin rights or an attacker with physical access to a machine not only to bypass Secure Boot and run any operating system they wish, such as Linux or Android, but also permits the installation and execution of bootkit and rootkits at the deepest level of the device, security researchers MY123 and Slipstream revealed in a blog post on Tuesday.

Microsoft's Secure Boot is part of the Unified Extensible Firmware Interface (UEFI) firmware which is meant to ensure each component of the system boot process is signed and validated.

When Secure Boot is fully enabled, it also prevents users from booting up other operating systems which take their fancy. In addition, there are specific systems and devices -- such as Windows RT and Windows Phone -- where Secure Boot cannot otherwise be disabled by the user.

Secure Boot works in tandem with particular policies which are read and obeyed by Windows boot manager. For testing and tweaking purposes, Microsoft has one particular boot policy which loads early on and disables operating system checks.

While useful for developers in operating system tests, this policy also allows a user to boot whatever they wish, including self-signed binaries. The "golden key" debug and unlocking policy problem has emerged due to design flaws in the policy loading system.

The policy has been leaked online and can be used by users with admin rights to bypass Secure Boot on locked devices, as long as devices have not received the July patch update.

"You can see the irony. Also the irony in that MS themselves provided us several nice "golden keys" (as the FBI would say ;) for us to use for that purpose," the researchers write.

"About the FBI: are you reading this? If you are, then this is a perfect real world example about why your idea of backdooring cryptosystems with a "secure golden key" is very bad!," the team added. "Microsoft implemented a "secure golden key" system. And the golden keys got released from MS['s] own stupidity."

The researchers reportedly informed Microsoft of their findings between March and April this year. The Redmond giant originally declined to fix the issue, at which point the duo started an analysis and compiling proof-of-concept (PoC) evidence.

Between June and July, Microsoft reversed its decision and awarded a bug bounty, pushing a fix -- MS16-094 -- last month. However, this fix was deemed "inadequate," although it has mitigated the problem, resulting in a second patch, MS16-100, being issued in August.

While the second patch attempts to solve the vulnerability, The Register reports that the fix does not impact the policy flaw, and simply removes access to select bootmgr systems. As a result, a third update is expected to address this issue in September.

"Either way, it'd be impossible in practise for MS to revoke every bootmgr earlier than a certain point, as they'd break install media, recovery partitions, backups, etc," the duo commented.

A Microsoft spokesperson told ZDNet:

"The jailbreak technique described in the researchers' report on August 10 does not apply to desktop or enterprise PC systems. It requires physical access and administrator rights to ARM and RT devices and does not compromise encryption protections."

The 10 step guide to using Tor to protect your privacy

Editorial standards