UEFI News and Commentary

Friday, September 21, 2012

UEFI/Win8 Security Vulnerability (Yawn...)

Put "UEFI" or "Win8" next to rootkit in an article, as was done by The Register, and you are sure to generate some buzz. Based on a technical report by ITSEC (found here), it talks about how you can install a root kit, if you can get your code loaded so that it can modify the Windows 8 boot loader. As taken apart by Matthew Garrett (analysis here), Linux developer, the rootkit is neither new nor unexpected.

Basically, to quote the rootkit author (Marco Giuliani) in the Register article: "Our research attempts to show the industry that the new UEFI platform is still as insecure as the old BIOS technology, it's still vulnerable to the old attacks if the SecureBoot technology is not turned on by default," [emphasis mine] Which, by the way, Microsoft is requiring every OEM to do as part of its partner program.

So the, how did The Register come up with the tag line, "Arr, 'tis typical: Redmond swabs lag behind OS X, again" Really? I am not sure how Secure Boot lags behind the OS X validation scheme, but this ITSEC report sure doesn't show it. In fact, it seems to me that OS X is pretty much in the same camp as Win 8 when it comes to multi-OS booting.

No comments: