Windows 8 was supposed to arrive with a secure boot, but it
seems that things might not be like that after all, and the first
demonstration of how the User Account Control (UAC) in Windows 8
Developer Preview can be defeated has emerged into the wild.
This is none other than the Stoned Lite bootkit that Austrian security
researcher Peter Kleissner has been working on for the past few weeks.
Softpedia already
reported on the matter, as Kleissner announced about a week ago that he planned on bringing its proof-of-concept to the MalCon conference set to take place in India on November 25th.
Since that day has come, the demonstration emerged as well, and you can have a look at the clip at the bottom of this article.
For those out of the loop, we should note that Stoned Lite was designed
to infect the MBR, which is not being verified in legacy startup.
However, the bootkit will store components outside the normal file
system, and will have startup files hooked before Windows actually
starts.
It was also developed so as to patch the password validation function, thus enabling the use of any password with any account.
The bootkit remains active in the memory, and can be launched from an USB drive or even from a CD.
In Windows 8, Microsoft plans on including a variety of new security
features, starting with the UEFI-based secure boot, which is mandatory
for all OEMs who plan on being UEFI-certified.
The SmartScreen
filtering has been improved for Windows 8 and for Internet Explorer,
and applications and ULRs are being checked against a database.
Peter Kleissner, however, proves that there still are some flaws in
Microsoft’s products, and that the company should consider adding more
security features into the mix.
Stoned Lite is actually the
second bootkit that the Austrian developer created. The first of them,
Stoned, affects all Windows systems from Windows 2000 to Windows 7, and
has its source code available on Kleissner’s
website.
http://vimeo.com/32666961
Aucun commentaire:
Enregistrer un commentaire