Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links

Microsoft leaked it's own 'golden keys' for Windows devices

GruntyGrunty Member EpicPosts: 8,657
edited August 2016 in Hardware
http://www.theregister.co.uk/2016/08/10/microsoft_secure_boot_ms16_100/

"Microsoft leaked the golden keys that unlock Windows-powered tablets, phones and other devices sealed by Secure Boot – and is now scrambling to undo the blunder.

These skeleton keys can be used to install non-Redmond operating systems on locked-down computers. In other words, on devices that do not allow you to disable Secure Boot even if you have administrator rights – such as ARM-based Windows RT tablets – it is now possible to sidestep this block and run, say, GNU/Linux or Android."


http://www.ibtimes.co.uk/microsoft-accidentally-leaks-golden-keys-that-unlock-every-windows-device-1575542?utm_source=yahoo&utm_medium=referral&utm_campaign=rss&utm_content=/rss/yahoous/news&yptr=yahoo

What is Secure Boot?

Microsoft's Secure Boot is part of its Unified Extensible Firmware Interface (UEFI) firmware, which when fully enabled deters users from booting their devices with other OS. Additionally, in specific devices, Secure Boot users cannot disable Secure Boot.

Secure Boot works in tandem with certain policies, among which one particular boot policy is designed to load early and disable OS security checks. Although this policy is useful for developers, especially when conducting OS testing, the loophole allows users to allegedly boot devices with whichever OS they desire.

According to a report by the Register, the "golden key" debacle was born out of a design flaw in this debug-mode policy, which was accidentally shipped onto retail devices. Unfortunately for Microsoft, the leaked golden key policy is universal and works on any device that operates on the Windowsboot manager.


Since being alerted to this in March MS has released two patches reducing the vulnerability with a third patch in the works.

"I used to think the worst thing in life was to be all alone.  It's not.  The worst thing in life is to end up with people who make you feel all alone."  Robin Williams

Comments

  • RidelynnRidelynn Member EpicPosts: 7,383
    Serves them right.

    Although, I do have to say, I support the decision for a hardware vendor to lock software onto their device - they are, after all, selling both items at the same time. And you, as the consumer, have the option to not purchase that device if you don't like the fact that it's locked. That software doesn't necessarily have to be written by the hardware vendor.

    I don't support the ability for a software vendor to lock their software onto hardware that they didn't provide. It's a subtle difference, but I think it's an important distinction.

    If Microsoft wants to lock Windows onto Surface, or Toshiba to lock Windows onto their whatever, I'm ok with that. But I'm not ok with Microsoft wanting to lock Windows onto your Toshiba.
Sign In or Register to comment.