Microsoft’s Secure Boot has been broken for a decade and no one noticed until now



Further complicating the process, even the expiration of the Microsoft certificate that signed the shims, which took place late last month, isn’t enough to revoke the ones ESET identified.

A rogue’s gallery of defective shims

The shims identified by ESET authorize secondary components that are known to be vulnerable to various exploits. The Oracle shim, for instance, signs a binary vulnerable to CVE-2015-5381. Smolár said the skill required to exploit the vulnerability is low. Other vulnerable shims fail to support protections, such as MOK deny-list enforcement and SBAT enforcement, both of which came into effect after the affected shim was released. Still other identified shims contain vulnerabilities in their own code.

In the interest of brevity, many additional details included in Tuesday’s report are omitted from this article.

An unsettling prospect

As noted, these vulnerable shims can be used against Windows and Linux machines alike, although likely not Windows 11 Secured-core PCs in their default state. Any Windows user who has installed Microsoft’s June update batch is no longer vulnerable. Linux users should check the Linux Vendor Firmware Service or consult their distributor. Revocation statuses are available using the uefi-dbx-audit script.

The prospect that attackers have had the means to bypass Secure Boot for more than a decade through what amounts to hack-by-numbers scripts isn’t much of an endorsement of the mechanism proposed by Microsoft in partnership with hardware makers. As mentioned earlier, a key contributor to this debacle is its complexity.

“This is a solid rebuke of the entire secure boot model,” HD Moore, a firmware security expert, CEO and founder of runZero, and a long-time critic of Secure Boot, said in an interview. His complaints include Microsoft being the de facto root of trust for the entire UEFI platform, the inability of the protection to scale sufficiently, and the ability for components to boot even after top-level certificates expire.

“The end result is a huge number of unknown (to everyone but Microsoft) signed things that bypass Secure Boot—some of which can then be used to boot other things—and both have normal security bugs and other mistakes that mean they can be used to boot nearly anything,” Moore added. “The whole ecosystem is somewhat broken and needs a reboot.”



Source link

  • Related Posts

    Former Employees Sue Over Meta’s Alleged Use Of Biased AI Systems During Layoffs

    Twenty-six former Meta employees are suing the company for allegedly using biased AI tools that “disproportionately selected” people who took medical leave as candidates to be laid off, Reuters reports.…

    OpenAI’s First Device Will Reportedly Be a Portable Smart Speaker

    OpenAI’s entry into the world of consumer devices is expected to begin with the release of a portable smart speaker that lacks a screen, according to a Bloomberg report on…

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    You Missed

    Oilsands emissions on track to outpace reductions from Pathways project: economist

    Oilsands emissions on track to outpace reductions from Pathways project: economist

    1 dead, 2 missing after boat capsizes near Alcatraz in San Francisco Bay

    1 dead, 2 missing after boat capsizes near Alcatraz in San Francisco Bay

    Seven Britons among those killed in Spain wildfires

    Seven Britons among those killed in Spain wildfires

    Alberta program helping inmates with FASD adjust to life beyond bars hailed a success

    Alberta program helping inmates with FASD adjust to life beyond bars hailed a success

    Brazilian airline Gol launches New York in premium shift

    Brazilian airline Gol launches New York in premium shift

    Former Employees Sue Over Meta’s Alleged Use Of Biased AI Systems During Layoffs

    Former Employees Sue Over Meta’s Alleged Use Of Biased AI Systems During Layoffs