Tip

UEFI Secure Boot hacked in August 2016

Mar 25, 2017 10:43AM PDT

Oh well, Microsoft blew it again! Now new computer users are saddled with a system that soon will no longer give them the protection they expected, but will still continue the new headaches that came along with it.

"In August 2016 it was reported that two security researchers had found the 'golden key' security key Microsoft uses in signing operating systems. Technically, no key was exposed, however, an exploitable binary signed by the key was. This allows any software to run as though it was genuinely signed by Microsoft and exposes the possibility of rootkit and bootkit attacks. This also makes patching the fault impossible, since any patch can be replaced (downgraded) by the (signed) exploitable binary. Microsoft responded in a statement that the vulnerability only exists in ARM architecture and Windows RT devices, and has released two patches, however, the patches do not (can not) remove the vulnerability, which would require key replacements in end user firmware to fix."
