Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows 8 Secure Boot Defeated

Posted by samzenpus on from the what-took-so-long? dept.

jhigh writes "An Austrian security researcher is scheduled to release the first 'bootkit' for Windows 8 at the upcoming MalCon in Mumbai. This exploit loads in the MBR and stays memory resident until Windows loads, resulting in root access to the system. This allegedly defeats the new secure boot features in Windows 8's bootloader."

7 of 205 comments (clear)

  1. Windows or UEFI? by dreemernj · · Score: 4, Insightful

    Is this an exploit of Windows or of UEFI in general?

    --
    1 (short ton / firkin) = 89.1432354 slugs / keg
  2. Hey, buttholes, it's MY COMPUTER. by EmagGeek · · Score: 3, Insightful

    I'm tired of these software vendors thinking that they own the rights to my hardware that I pay for.

  3. Re:Horray! by Anonymous Coward · · Score: 1, Insightful

    Yeah but the heydays are over the next time you run Windows Update. Be Aware!

  4. Re:Could open your system up to malware like Linux by Talderas · · Score: 2, Insightful

    dou dou linux?

    Naming a flavor of linux after shit?

    --
    "Lack of speed can be overcome. In the worst case by patience." --Znork
  5. Re:UEFI doesn't have MBR by Amouth · · Score: 3, Insightful

    Agreed - that's my first question.. looks like they "defeated" secure boot by not using it to start with.

    --
    '...if only "Jumping to a Conclusion" was an event in the Olympics.'
  6. Misleading title, Secure Boot not defeated by davidwr · · Score: 5, Insightful

    Without a UEFI computer that is configured to boot only signed boot-loaders, this is not a valid test of the Secure Boot technology.

    Basically, this is a case of "of course it works that way in this scenario, it's supposed to."

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  7. Re:Einstein, please answer this then by Dr_Barnowl · · Score: 3, Insightful

    Windows 8 does not require secure boot - but getting a "designed for Windows 8" sticker requires that the feature is present, and switched on, in your system as shipped.

    The chilling effect that this will have on alternate operating system use (because it now requires more steps than just inserting a LiveCD / LiveUSB) is quite aside from the security implications of defeating the Windows 8 or UEFI bootloader though.