Windows 8 Secure Boot Diagram
Windows 8 uses UEFI (Unified Extensible Firmware Interface) Secure Boot to prevent unauthorized boot loaders (OS Loaders) from launching in the BIOS. UEFI only starts certified boot loaders, such as Windows 8, while malware can no longer use the BIOS boot method to attack users.
A security research team recently announced that the Secure Boot mechanism in Windows 8 can be bypassed on specific brands of PCs due to negligence by manufacturers when implementing the UEFI specification.
At last week's Black Hat conference, researchers Andrew Furtak, Oleksandr Bazhaniuk, and Yuriy Bulygin demonstrated two attacks bypassing Windows 8 Secure Boot on infected computers.
Secure Boot is a UEFI protocol, and McAfee researcher Bulygin stated that these attacks are not due to issues with Secure Boot itself but rather errors made by hardware manufacturers when implementing the UEFI specification. The first attack is possible because some manufacturers did not properly protect their firmware, allowing attackers to modify the code executing Secure Boot.
The researchers demonstrated a kernel-mode attack on an Asus VivoBook Q200E laptop, and Bulygin noted that some Asus desktop motherboards are also affected in the same way.
The second attack can be carried out in user mode, meaning attackers only need to gain code execution rights within the system, which is relatively simple. Hackers can exploit vulnerabilities in common software such as Java, Adobe Flash, or Microsoft Office to achieve this.
For safety reasons, the researchers did not disclose any technical details of the second attack method or reveal which manufacturers' products are affected, as the vulnerabilities used in this attack were just discovered and manufacturers have not yet had time to fix them.
However, the issue with the first kernel-mode attack was discovered a year ago, giving affected platform suppliers enough time to implement fixes.
In response, Microsoft said, "Microsoft is working with partners to ensure that Secure Boot provides consumers with a safer experience."