Independent researchers Slipstream and My123 recently discovered a fault in the updated policies for the Microsoft Secure Boot feature. These “supplemental” policies, as they are known, introduced a flaw in the feature’s security. The vulnerability allows attackers to bypass Secure Boot and then install rootkits and bootkits on devices running Windows. Microsoft has reported that Windows 8.1, Windows RT 8.1, Windows Server 2012 and Windows 10 are affected by this flaw.
Secure Boot is a UEFI (Unified Extensible Firmware Interface) feature. It was developed to protect Windows 8 and later versions of the operating system from attacks during system boot. The feature checks each component loaded at boot to ensure it is signed and validated. The purpose of Secure Boot is to prevent unauthorized programs and drivers from being loaded during the boot process.
Secure Boot cannot be disabled on some systems, such as Windows RT, Windows Phone and HoloLens. On these systems, configuration changes can be made through special policies. The boot manager (bootmgr) loads these signed policy files from a UEFI variable. The policies are provisioned by certain boot loader executables (EFI files) signed by Microsoft.
The bootmgr checks the validity of each policy before loading it. The security flaw resulted from a change in the Secure Boot policy made for the Windows 10 Anniversary Update (v1607). Hackers have discovered that the new policy has a fault and have found a way to use it to bypass the security feature.
The flaw was analyzed by Slipstream and My123. They explained that loading a supplemental policy allows developers to enable the test-signing feature. This feature gives the option to install self-signed drivers on the system. When test-signing is enabled, a hacker can bypass Secure Boot and load a bootkit or rootkit onto the machine.
Slipstream made a blog post to warn Windows users about the severity of the issue: “You can see how this is very bad. A backdoor, which MS put into secure boot because they decided to not let the user turn it off in certain devices, allows for secure boot to be disabled everywhere!”
Microsoft was notified about the discovered vulnerability earlier this spring. At first, the company said it had no intention of addressing the issue. The researchers then started work on a proof-of-concept (PoC). This led Microsoft to change its position and award them a bug bounty.
The first course of action Microsoft took against the vulnerability was to blacklist the affected policies. The vendor developed a patch which was released in July with the MS16-094 bulletin, rated Important. The company also issued an advisory to warn users that the flaw (CVE-2016-3287) allows attackers to bypass Secure Boot by installing an affected policy on the targeted system. The advisory notes that the attack can only be carried out by someone who already has admin privileges or physical access to the device. This attempt at solving the issue proved to be ineffective: the researchers discovered that the fix can be bypassed by replacing the current bootmgr with an earlier version.
After the first patch failed to solve the problem, Microsoft developed a second patch. It was released earlier this month with the MS16-100 bulletin, and the targeted vulnerability was assigned CVE-2016-3320. This fix blacklisted the affected boot managers. According to security experts, this method cannot eliminate the risk.
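Because the bypass described above works by getting a supplemental policy to switch on test-signing, a defender checking a Windows machine wants to see two things: that the firmware still enforces Secure Boot, and that test-signing is not enabled in the current boot entry, alongside the identity of the Secure Boot policy in force so it can be compared against the policies Microsoft blacklisted. The following audit script is an added example, not code from the article or from the researchers; it assumes an elevated PowerShell session on a UEFI system where the built-in SecureBoot module (`Confirm-SecureBootUEFI`, `Get-SecureBootPolicy`) is available, and `Get-SecureBootAudit` is a name chosen here.

```powershell
# Added defensive audit (not from the article): collects the indicators tied to
# the supplemental-policy / test-signing bypass. Run elevated on a UEFI system.
function Get-SecureBootAudit {
    $result = [ordered]@{
        SecureBootEnabled  = $null
        TestSigningEnabled = $null
        PolicyPublisher    = $null
        PolicyVersion      = $null
        Findings           = @()
    }

    # 1. Is Secure Boot actually being enforced by the firmware?
    try {
        $result.SecureBootEnabled = Confirm-SecureBootUEFI
    } catch {
        # Throws on legacy BIOS systems and when the session is not elevated.
        $result.Findings += "Confirm-SecureBootUEFI failed: $($_.Exception.Message)"
    }
    if ($result.SecureBootEnabled -eq $false) {
        $result.Findings += 'Secure Boot is disabled in firmware.'
    }

    # 2. Test-signing is what the flawed policy unlocks; on a Secure Boot machine
    #    the BCD entry should report 'No' or omit the line entirely.
    $bcd   = & bcdedit.exe /enum '{current}' 2>&1
    $match = $bcd | Select-String -Pattern '^testsigning\s+(\S+)' | Select-Object -First 1
    $result.TestSigningEnabled = [bool]($match -and $match.Matches[0].Groups[1].Value -eq 'Yes')
    if ($result.TestSigningEnabled) {
        $result.Findings += 'testsigning is enabled in the current boot entry.'
    }

    # 3. Record the Secure Boot policy in force (publisher GUID and version) so it
    #    can be checked against the blacklist Microsoft shipped with its fixes.
    try {
        $policy = Get-SecureBootPolicy
        $result.PolicyPublisher = $policy.Publisher
        $result.PolicyVersion   = $policy.Version
    } catch {
        $result.Findings += "Get-SecureBootPolicy failed: $($_.Exception.Message)"
    }

    [pscustomobject]$result
}

Get-SecureBootAudit | Format-List
```

An empty `Findings` list with `SecureBootEnabled` true and `TestSigningEnabled` false is the expected healthy state; the policy publisher and version must be compared against Microsoft's published blacklist by hand, since the article does not reproduce those identifiers.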
Slipstream and other researchers believe the vulnerability “cannot be truly patched”. They claim the attacks can be conducted on all Windows devices. This includes computers, tablets, phones, IoT Core systems and HoloLens.