Microsoft accidentally leaked the golden keys to the Windows kingdom. The keys allow hackers to unlock every Windows device, including tablets, phones and other devices that are protected by Secure Boot. The most alarming part about the leak is that it is believed that it may likely be impossible for Microsoft to fully recover from the leak.
The leakwas uncovered by two security researchers MY123 and Slipstream, who revealed in a (Star Wars-style) blog that the security flaw allowed malicious entities with admin rights or physical access to a device can bypass Secure Boot to not only run other operating systems (OS) like Linux or Android on the device but also install and execute rootkits and bootkits, at the most deeply penetrated level of the device.
The researchers wrote: "A backdoor, which MS put in to secure boot because they decided to not let the user turn it off in certain devices, allows for secure boot to be disabled everywhere! You can see the irony. Also the irony in that MS themselves provided us several nice 'golden keys' (as the FBI would say) for us to use for that purpose."
Note: Physical Access is needed.
Edited by JohnC_21, 11 August 2016 - 11:09 AM.