HomeNewsMicrosoft's Secure Boot has been broken for a decade and no one...

Microsoft’s Secure Boot has been broken for a decade and no one noticed until now

The Complexity of Secure Boot and Its Vulnerabilities

The expiration of the Microsoft certificate that signed the shims at the end of last month adds another layer of complexity to the ongoing challenges faced with Secure Boot. Despite this expiration, these shims identified by ESET remain active, raising serious concerns about the security measures in place.

A Gallery of Defective Wedges

The shims pinpointed by ESET facilitate the function of secondary components that are vulnerable to a range of exploits. For instance, the Oracle shim signs a binary that is susceptible to CVE-2015-5381, a vulnerability that requires minimal skill to exploit, according to security researcher Smolár. Other shims that have been identified fail to support vital protections, such as MOK Deny List enforcement and SBAT enforcement, which were implemented after the release of these vulnerable components. Moreover, some shims harbor vulnerabilities within their own code, further complicating the security landscape.

Due to space constraints, many additional insights from Tuesday’s report have been omitted from this article. For a comprehensive understanding, readers are encouraged to explore the full report.

A Worrying Prospect

These vulnerable wedges pose a threat to both Windows and Linux systems, although they are unlikely to affect Windows 11 secure core PCs in their default settings. Windows users who have installed Microsoft’s June update bundle are protected from these vulnerabilities. For Linux users, it is advisable to check the Linux Vendor Firmware service or consult their distributor for guidance. The revocation status of these shims can be assessed using the uefi-dbx-audit script.

Alarmingly, the possibility that attackers have had the ability to bypass Secure Boot for over a decade using relatively simple scripts calls into question the efficacy of the mechanism that Microsoft, in collaboration with hardware manufacturers, has proposed. The sheer complexity of the system is a significant factor in this predicament.

“This is a strong rebuke of the entire Secure Boot model,” stated HD Moore, a firmware security expert, CEO, and founder of runZero, who has long been a critic of Secure Boot. His criticisms include Microsoft being the default root of trust for the entire UEFI platform, the inadequacy of protection scalability, and the capability for components to boot even after the expiration of top-level certificates.

Moore further elaborated, “The end result is a large number of signed items unknown (to everyone except Microsoft) that bypass Secure Boot – some of which can then be used to start other things – and both of which have normal security bugs and other errors that mean they can be used to boot almost anything. The whole ecosystem is somewhat broken and needs a reboot.”

For further details and a deeper understanding of the issue, please refer to the full article Here.

“`

Must Read
Related News

LEAVE A REPLY

Please enter your comment!
Please enter your name here