Microsoft has carelessly created an “accidental” intrinsic issue: a worldwide universal backdoor in its most popular software. The issue accidentally leaked what is now known as the “Golden Key” exploit. This Golden Key gives users the ability to unlock any device that is supposedly protected by “Secure Boot.” Devices that use this protection include phones and tablets.

This key basically allows any user to completely bypass the provisions that Microsoft Corporation put in place, ostensibly to prevent malicious replicas of Windows from being installed. The affected devices are those running Windows 8.1 and newer that use “Secure Boot.”

This issue indicates that users who run Windows Enterprise as their main software are not able to install any other operating systems. The operating systems restricted in this way include Linux.

Those who use Windows 8.1 and up on their mobile devices are not able to install Linux over the main hard drive of their respective devices. The key also enables bad actors who possess physical access to a machine to install rootkits and bootkits. To make matters worse, the security researchers who found these keys also discovered that this is, in fact, a decision that Microsoft may not be able to reverse.

These Golden Keys were exploited by the hack groups “My123” and “Slipstream” in March this year. The two posted a rather unusual but complete description of both Microsoft’s security errors and its seeming reluctance to patch the issue. The security researchers also noted that the “snafu” is, in fact, a real-world demonstration of the lack of wisdom in the FBI’s more recent demands for universal backdoors in Apple’s iPhone and iPad devices.

They wrote: “A backdoor, which MS put in to Secure Boot because they decided to not let the user turn it off in certain devices, allows for Secure Boot to be disabled everywhere! You can see the irony. Also the irony in that MS themselves provided us several nice “golden keys” (as the FBI would say) 😉 for us to use for that purpose :)”

The security researchers discovered a way to obtain these golden keys. Note: these keys are not PKI-type private keys, which would normally be used to sign binaries. Rather, they are a way to alter the tasks executed by the UEFI at boot, which is bundled in dormant form on retail devices. It was left in by accident as a debugging tool. This is now apparently available online, allowing any user to turn off their Secure Boot.

In essence, if you turn off Secure Boot, you are no longer protected… However, if you leave Secure Boot enabled, you are still not protected.

Secure Boot operates at the firmware level. It is designed to allow only an operating system signed with a certified key from Microsoft to complete loading into the operating system environment. Secure Boot can be completely disabled on several computer-based devices. However, on other devices running Windows, it is hard-coded directly into the device.

This golden key policy appears to have been created for internal debugging purposes. It allows the operating system signature checks to be disabled, which apparently lets programmers test their new builds. In practical terms, this can easily open a Pandora’s box of extremely malicious attacks on Microsoft’s tablets and mobile phones.

When first warned about this exploit, Microsoft dismissed it as a non-issue. As time moved on, the company changed its mind and has since released 2 major patches: “MS16-094” and “MS16-100.” Microsoft has also announced that it is working on a 3rd patch. It is also understood that none of them is able to directly shut the back door. There also appears to be a distinct possibility that the hole opened by the golden keys may not be truly closable.

As reported by the researchers, “It’d be impossible in practice for MS to revoke every bootmgr earlier than a certain point, as they’d break install media, recovery partitions, backups, etc.”

In February, in the wake of the San Bernardino shootings in the United States, the Federal Bureau of Investigation demanded that Apple start introducing backdoors into its products. This was due to the difficulty of gaining access to Apple-based products in order to recover information from an iPhone that belonged to one of the shooters.

Sources: TechNet.Microsoft, Arstechnica, Twitter.

This article (Microsoft’s Backdoor Key Leaves the Firmware Exposed) is free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and AnonHQ.