Built in Bypass to Secure Boot

Friday, August 12, 2016 @ 03:08 PM gHale


There is a secure boot vulnerability that can end up exploited to bypass the security feature and install rootkits and bootkits on Windows devices, researchers said.

The idea behind secure boot is to ensure every component loaded at boot ends up signed and validated. The problem is, though, the vulnerability lies in secure boot, which is a Unified Extensible Firmware Interface (UEFI) feature that should prevent unauthorized programs or drivers from loading during the boot process of devices running Windows 8 and later.

RELATED STORIES
Windows 10 UAC Bypass
Security Vendor Patches Vulnerabilities
Fixing an Internet Security Threat
Side Channel Monitoring for Malware

On systems where secure boot remains locked down and cannot end up disabled, configuration changes can occur using policies, signed files loaded by the boot manager (bootmgr) from a UEFI variable. There are some boot loader executables (EFI files) signed by Microsoft that can end up used.

Before loading a policy, bootmgr checks it to make sure it’s valid. However, researchers discovered that Microsoft introduced a new type of Secure Boot policy during the development of Windows 10 Anniversary Update (v1607) that can all attackers to bypass the security feature.

The researchers known as Slipstream and My123 discovered that these new policies, called “supplemental” policies, load by the boot manager without being checked properly.

“The ‘supplemental’ policy contains new elements, for the merging conditions,” Slipstream said in a blog post. “These conditions are (well, at one time) unchecked by bootmgr when loading a legacy policy. And bootmgr of win10 v1511 and earlier certainly doesn’t know about them. To those bootmgrs, it has just loaded in a perfectly valid, signed policy.”

Loading a supplemental policy can enable “test-signing,” a feature that allows developers to install self-signed third-party drivers on a Windows machine. Once test-signing is enabled, an attacker can bypass Secure Boot and load a rootkit or a bootkit onto the device.

“You can see how this is very bad,” Slipstream said. “A backdoor, which MS put into secure boot because they decided to not let the user turn it off in certain devices, allows for secure boot to be disabled everywhere!”

Notice of the vulnerability went out to Microsoft this spring, but the software giant initially was not going to fix it.

But since researchers were developing a proof-of-concept (PoC), Microsoft decided to award a bug bounty.

The first patch released by the company in July with the MS16-094 bulletin rated important. Microsoft noted in an advisory that the flaw (CVE-2016-3287) can end up exploited to bypass secure boot security features by installing an affected policy on the targeted device. Microsoft said the attack can only end up carried out by an attacker who has administrative privileges or physical access to the targeted system.

Slipstream said he does not think Microsoft can patch the vulnerability.