Posted on 07/12/2016 8:08:46 PM PDT by Utilizer
Microsoft's July round of patches fixes a vulnerability that could be used to bypass the Secure Boot protection feature if an attacker simply adds a policy to the target Windows systems.
Microsoft mandates Secure Boot on newer PCs designed to run Windows. The feature is implemented in the unified extensible firmware interface (UEFI) code that checks the Windows boot loader before it starts up the operating system, to ensure it is digitally signed by Microsoft.
Secure Boot can, however, be bypassed completely by applying a Windows group policy, providing attackers with full access to systems thought to be locked down.
"An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded on a target device," Microsoft said...
(Excerpt) Read more at itnews.com.au ...
This one rated as "critical". I suppose that's a bit more professional-sounding than "awkward".
Ping!
Geez... I think this is covered by my post a few minutes back about Patch Tuesday, but if it draws some good comments I’ll ping the list later. Thanks for posting and pinging!
This whole “Secure Boot” thing bothers me. Two-edged sword if ever there was one.
Yeah. I saw your post directly after I reloaded the index page after I started this thread. You must have posted your thread while I was still formatting this one, thus the overlap.
By all means, let us see what comments this one draws by its specificity and combined with yours we might have some good observations come about because of them both.
Cheers!
Oh, and I agree about the whole “UEFI” concept currently being implemented. I can all too easily see a day come about when the u-soft people have engineered it to the point where if you are not running a validated up-to-date version of Windows(tm) (or are running Linux, BSD, OS/2, etc) the machine will not boot or will hang from the beginning.
Not such a difficult concept to consider when you contemplate the maneuvers the ‘doze people have been foisting upon unsuspecting users to force them to “upgrade” to win10 like it or not.
Will this disable booting from a CD/DVD?
Not the same thing. This deals with the boot process itself, not the Selected Boot Medium.
And the software designers for the other aspect of it should have done a bit more research before selecting “Unrestricted Electronic Fuel Injection” as their concept name.
If it isn’t POSIX-compliant, why would you want to boot it into hardware you own?