Microsoft Accidentally Leaks 'Golden Keys' Protecting Millions of Windows Devices

It’s has been week since Microsoft released the anniversary update for its users. Recently, Microsoft fixed the flaws and released updates for them. But, now another major risk has popped up that can allow hackers to unlock the devices that are protected by Unified Extensible Firmware Interface (UEFI) Secure Boot feature.

Microsoft Accidentally Leaks ‘Golden Keys’ Protecting Millions of Windows Devices

First, let’s know what is Secure Boot Feature? Secure boot is a security feature that ensures to secure the boot process by preventing the loading of drivers or OS loaders that are not signed with an acceptable digital signature.

In brief, when secure boot is enabled, the users will be only able to boot the officially approved versions of Microsoft operating systems. It also helps to protect devices from malware which can hijack your systems bootloader.

Golden Keys discovered by two researchers, using alias MY123 and Slipstream in the Month of March 2016 can be utilized to break the security provided by UEFI Secure Boot and can install non-windows operating systems like Ubuntu or any other Linux distribution on devices protected by Secure Boot.

Golden keys are nothing more than a secure boot policies that are created by Microsoft for developers, testers and programmers to perform any debugging procedure. According to the blog post published by researchers, it will be impossible for Microsoft to reverse what has been done.

According to The Register, the problem actually observed in the secure boot policy system, where a uniquely signed policy loads ahead and disables cryptographical signature checking process.

Researchers said “During the development of Windows 10 v1607 ‘Redstone’, MS added a new type of secure boot policy. Namely, “supplemental” policies that are located in the EFIESP partition (rather than in a UEFI variable)..”

“A backdoor, which MS put in to secure boot because they decided to not let the user turn it off in certain devices, allows for secure boot to be disabled everywhere!”

The researchers wrote in the blog post “About the FBI: are you reading this? If you are, then this is a perfect real world example of why your idea of backdooring cryptosystems with a ‘secure golden key’ is very bad!”

“Smarter people than me have been telling this to you for so long, it seems you have your fingers in your ears. You seriously don’t understand still? Microsoft implemented a “secure golden key” system. And the golden keys got released from MS own stupidity. Now, what happens if you tell everyone to make a “secure golden key” system?”

Recently, Microsoft released 9 security updates to patch 34 severe flaws. Therefore, those users who already upgraded their systems to Microsoft’s new operating system Windows 10 should install the latest security updates as soon as possible to stay secure.

COMMENTS

AUTHOR