Update: In his Twitter feed, Kleinsser now states that his new Windows 8 bootkit is "not attacking UEFI or secure boot, right now working with the legacy BIOS only" He later added, "I informed Microsoft in advance. They have the full source and the paper, and I offered some suggestions."
Original story: Microsoft has promoted the fact that its upcoming Windows 8 operating system will have built in malware and virus protection. One of those features would require any software that would be loaded by Windows 8 when it boots up to have a digital authentication. In theory this would defeat any malware that might reside in the Windows 8-based PC.
But now, according to a new report on Ars Technica, a security researcher named Peter Kleissner claims to have created a "bootkit" for Windows 8 that would bypass the OS's secure boot loader. The Austria-based Kleinsser previously released a bootkit for Windows XP, Windows Vista, Windows 7, and Windows Server 2003 that installed into the OS's kernel in order for the user to gain full access to even encrypted drives within the PC.
So far, Kleinsser has yet to offer much in the way of details concerning his new Windows 8-based bootkit but he did say in a Twitter post that the file could be started via a CD-ROM or a USB drive. Microsoft has said specifically in the past that its malware protection features for Windows 8 would prevent a USB drive infected with malware to be installed with Windows 8.
Kleinsser is tentatively scheduled to attend the MalCon conference in Mumbai, India next week where he plans to release the bootkit code publicly, although he might release the code remotely if he is unable to attend.
The other interesting bit is that this bypass occurs happens before the OS starts booting according to the information provided. This could mean that it is a flaw in the UEFI spec or a UEFI implementation.
It should be heavily noted that the final version of Windows 8 is far from public release. As such, Microsoft could, or may have already, patched the vulnerability described by Kleinsser.
38 Comments - Add comment