According to a new report, someone at Microsoft appears to have leaked a security key which can enable hackers to bypass safety features put in place using Secure Boot. The golden key was discovered by two security researchers who say that it will enable anyone with admin rights to circumvent Secure Boot to install and run any OS they want. Someone with nefarious designs could use the same exploit to install rootkits and bootkits deep within the system.
Secure Boot is a critical safety feature which ensures on boot up that only software that’s trusted by the manufacturer and signed with a Microsoft-certified key is loaded. It checks the signature of every bit of boot software and the PC will only boot if everything is as it should be.
The security researchers explain that basically what Microsoft did was implement a secure golden key system and the keys later got released, they were presumably released for debugging purposes so that developers could test new builds on devices like the HoloLens.
If those keys end up in wrong hands it could put countless Windows-powered devices at risk. The researchers did inform Microsoft of this and the company did send out patches to address the issue but it remains to be seen if the patches fully address the problem.
Filed in . Read more about Microsoft and Windows. Source: hothardware