Attacks before system startup

Discussion in 'malware problems & news' started by Minimalist, Jun 25, 2014.

Thread Status:
Not open for further replies.
  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,043
    http://www.securelist.com/en/blog/8228/Attacks_before_system_startup
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    I haven't read everything yet, but I thought this was a thing of the past, because of PatchGuard and Driver Signing? :cautious:
    If I'm correct, it's not that easy anymore to load a malicious driver on Win 64 bit.
     
  3. Minimalist

    Minimalist Registered Member

    Not quite right. You should read the article; it is nicely explained.
     
  4. Minimalist

    Minimalist Registered Member

    Here is a quote:
    "It comes as no surprise that, as UEFI became universally implemented, it attracted the interest of independent researchers as a potential attack vector (one, two, three). The list of possible penetration points is quite extensive and includes compromising (injecting, replacing or infecting) OS boot loaders and EFI, compromising UEFI drivers, directly accessing SPI Flash from the operating system and many others. In the case of booting in UEFI+Legacy (CSM) mode, old methods of infecting the system used by bootkit developers remain effective. It is also quite obvious that if the pre-boot execution environment is compromised, all the Windows security mechanisms, such as Patch Guard, driver signature verification etc., are rendered useless."
     