If you think you’re having a bad week, you need to take a step back and think of the poor souls at Microsoft who broke one of the company’s most guarded security features. Thanks to the flaw, attackers can now disable Secure Boot on a number of systems, and the hackers who discovered it are warning that it may never be patched.
A group of hackers, or security researchers if you want, have shown that thanks to a number of changes related to the way UEFI works on Windows systems, those systems are now far less secure. Microsoft screwed up in their Secure Boot implementation, and the researchers were able to bypass the security feature and install different operating systems or malicious rootkits.
Microsoft tried to address the flaw in an initial patch back in July, MS16-094. However, that patch didn’t actually fix the problem, so Microsoft came back with another patch this month, MS16-100, detailed in the Patch Tuesday notes.
Unfortunately, this latest patch only revokes access for a number of boot manager (bootmgr) versions; it does not fix the flaw entirely. According to the hackers who originally found the flaw, this is an untenable situation because “it'd be impossible in practice for MS to revoke every bootmgr earlier than a certain point, as they'd break install media, recovery partitions, backups, etc”.
Microsoft is expected to release a third patch in September to try and address the issue, but the researchers are warning that things may never be the same again.
Source: Ring of Lightning