Additional info. "Microsoft Secure Boot key debacle causes security panic" "...The researchers reportedly informed Microsoft of their findings between March and April this year. The Redmond giant originally declined to fix the issue, at which point the duo started an analysis and compiling proof-of-concept (PoC) evidence. Between June and July, Microsoft reversed its decision and awarded a bug bounty, pushing a fix -- MS16-094 -- last month. However, this fix was deemed "inadequate," although it has mitigated the problem, resulting in a second patch, MS16-100, being issued in August. While the second patch attempts to solve the vulnerability, The Register reports that the fix does not impact the policy flaw, and simply removes access to select bootmgr systems. As a result, a third update is expected to address this issue in September..." http://www.zdnet.com/article/micros...ebacle-causes-security-panic/#ftag=RSSbaffb68
MS has mastered the 'fix to fix the fix' and now they are honing in on mastering the 'fix to fix the fix to fix the fix'. My head is spinning. Some suggest that the exposed flaw may resurrect the Surface RT. Methinks MS probably doesn't care one way or the other about this Surface system but their other Surface systems are near and dear to them. You would think they would be pushing this fix through as a high priority silent install but they appear to be acting very nonchalant about it. Declining to fix the issue when it was first brought to their attention was a strange security (technical) decision but an even stranger business decision.
Touche It only affects Windows 8 and up and requires secure boot supported BIOS and GPU with UEFI GOP. A locked down setup that MS recommends for the utmost in security. Enterprise and Government are more likely to turn secure boot on, but fewer than 70% plus systems with this requirement are currently in this demographic. Maybe this is the real reason why MS has not been very enthusiastic about fixing the flaw.
I have to say that I am not surprised at all. I would love to read a paper where it is discussed why that decision was made. It seems that "backdoor" might be strong term, but the outcome is the same. Never leaving Linux!!
We will find out soon. It would require Admin rights, however, combined with an elevation of privilege exploit this has the potential to cause many headaches.
this is a deal breaker for any thinking human being. time to flee this **** storm of an OS. windows 10 spyOS and now this? what a pathetic company,.
You'd think that their plans of pushing Windows 10 wouldn't involve this Because aparently 7 isn't affected hehehehe.
