Windows 8 Bootkit « Giveaway of the Day Forums

Back to Giveaway of the Day

Giveaway of the Day Forums » Technical notes

Windows 8 Bootkit

(4 posts) (2 voices)

Started 12 years ago by mikiem2
Latest reply from Anonymous

mikiem2
Moderator

http://www.itsec.it/2012/09/18/uefi-technology-say-hello-to-the-windows-8-bootkit/

PCs/laptops until recently all used a Bios on the motherboard to both control the hardware & start the OS [Windows, *nix etc.] -- this is changing with the UEFI Bios, which still controls hardware, but moves much of the code &/or functions of the user interface & starting the OS from difficult, specialized Assembly language in the firmware to a more universal UEFI Framework written much like any other programming code. In effect this means a nicer Bios GUI, where you might use the mouse etc., have a larger number of options, including things like a *nix OS that will run from the Bios, & because you're no longer limited to a few MB of code flashed to the Bios chip(s), you have much more flexibility, much fewer limitations. [ http://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface ]

Win8 has the option for manufacturers to include basically key matching in their Bios code, so if a boot loader doesn't have a matching key it won't start. This should be more secure, though it makes the *nix folks jump through hoops -- not every *nix distribution or version will have some sort of key mechanism available.

While the article doesn't deal with win8's SecureBoot tech itself, it does provide a lot of good info on how UEFI works I think, though it is more on the tech or geeky side of things, & the article does make the point with a proof of concept Bootkit, that UEFI is easier to work with, in theory making things easier for those writing mal-ware.

Posted 12 years ago #
Anonymous
Unregistered

halfdone Bootkit by Microsoft not secure

Posted 12 years ago #
Anonymous
Unregistered

http://www.theregister.co.uk/2012/09/19/win8_rootkit/

New vicious UEFI bootkit vuln found for Windows 8

Arr, 'tis typical: Redmond swabs lag behind OS X, again

TSEC analysed the UEFI platform now that Microsoft has ported old BIOS and MBR's boot loader to the new UEFI technology in Windows 8. Andrea Allievi, a senior security researcher at ITSEC, was able to use the research to cook up what's billed as the first ever UEFI bootkit designed to hit Windows 8. The proof-of-concept malware is able to defeat Windows 8's Kernel Patch Protection and Driver Signature Enforcement policy.
The UEFI boot loader developed by Allievi overwrites the legitimate Windows 8 UEFI bootloader, bypassing security defences in the process.
"Our bootloader hooked the UEFI disk I/O routines and it intercepted the loading of the Windows 8 kernel, thus our bootkit tampered the kernel by disabling the security features used by Windows to prevent the loading of unsigned drivers," explains Marco Giuliani, a director of ITSEC.
The bootkit developed by ITSEC is comparable to forms of older MBR (Master Boot Record) rootkits that overwrite system files of older version of Windows. Bootkits capable of taking over Windows 8 machines have been around since last November but these earlier proof-of-concept nasties didn't circumvent UEFI, unlike the latest research.

Previously boot loaders and rootkits had to be developed in assembly language. But UEFI creates a means to develop system loaders much more straightforwardly using the easier C programming language, making thing easier for both legitimate developers and VXers.

Posted 12 years ago #
Anonymous
Unregistered

Looks like its works as some can not fit EASEUS Partition Master so as it need the boot to bad if you think you need but you don't as it built in Windows 7 and 8

Posted 11 years ago #

RSS feed for this topic

Reply

You must log in to post.