Feeds

Windows 8

Apple iOS 7 makes some users literally SICK. As in puking, not upset

Excessive zoom and 3D-effect graphics in Apple's latest iOS is leaving some users reaching for the sick bucket

New vicious UEFI bootkit vuln found for Windows 8

Arr, 'tis typical: Redmond swabs lag behind OS X, again

Choosing a cloud hosting partner with confidence

Security researchers have discovered security shortcomings in Windows 8 that create a means to infect the upcoming operating system with rootkit-style malware.

Italian security consultants ITSEC discovered the security hole following an analysis of the Unified Extensible Firmware Interface (UEFI), a successor to the legacy BIOS firmware interface, that Microsoft began fully supporting with 64-bit versions of Windows 7.

ITSEC analysed the UEFI platform now that Microsoft has ported old BIOS and MBR's boot loader to the new UEFI technology in Windows 8. Andrea Allievi, a senior security researcher at ITSEC, was able to use the research to cook up what's billed as the first ever UEFI bootkit designed to hit Windows 8. The proof-of-concept malware is able to defeat Windows 8's Kernel Patch Protection and Driver Signature Enforcement policy.

The UEFI boot loader developed by Allievi overwrites the legitimate Windows 8 UEFI bootloader, bypassing security defences in the process.

"Our bootloader hooked the UEFI disk I/O routines and it intercepted the loading of the Windows 8 kernel, thus our bootkit tampered the kernel by disabling the security features used by Windows to prevent the loading of unsigned drivers," explains Marco Giuliani, a director of ITSEC.

The bootkit developed by ITSEC is comparable to forms of older MBR (Master Boot Record) rootkits that overwrite system files of older version of Windows. Bootkits capable of taking over Windows 8 machines have been around since last November but these earlier proof-of-concept nasties didn't circumvent UEFI, unlike the latest research.

Previously boot loaders and rootkits had to be developed in assembly language. But UEFI creates a means to develop system loaders much more straightforwardly using the easier C programming language, making thing easier for both legitimate developers and VXers.

"Our research attempts to show the industry that the new UEFI platform is still as insecure as the old BIOS technology, it's still vulnerable to the old attacks if the SecureBoot technology is not turned on by default," Giuliani told El Reg. "Writing a bootkit couldn't be an easier task for virus writers with the UEFI framework available, much easier than before when they needed to code in pure assembly.

"The UEFI platform will soon become the new field of war between malware writers and the security industry unless SecureBoot is used to ensure that only digitally signed UEFI bootloaders can be executed at the system bootup."

Giuliani also said that - although it's desirable from a security perspective - enabling SecureBoot by default effectively limits user choice.

ITSEC's detailed technical analysis of the Windows 8 implementation of UEFI, and its potential security shortcomings, can be found here.

The research by ITSEC follows the creation of a UEFI bootkit able to infect Mac's OS X operating systems, which was unveiled at this year's edition of the BlackHat Conference in Las Vegas by Australian security researchers Assurance. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
Preview redux: Microsoft ships new Windows 10 build with 7,000 changes
Latest bleeding-edge bits borrow Action Center from Windows Phone
Google opens Inbox – email for people too thick to handle email
Print this article out and give it to someone tech-y if you get stuck
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
UNIX greybeards threaten Debian fork over systemd plan
'Veteran Unix Admins' fear desktop emphasis is betraying open source
Entity Framework goes 'code first' as Microsoft pulls visual design tool
Visual Studio database diagramming's out the window
Google+ goes TITSUP. But WHO knew? How long? Anyone ... Hello ...
Wobbly Gmail, Contacts, Calendar on the other hand ...
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Ubuntu 14.10 tries pulling a Steve Ballmer on cloudy offerings
Oi, Windows, centOS and openSUSE – behave, we're all friends here
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.