You simply sign a corporate contract and pay a corporate fee, and MICROS~1 will sign any shitty broken and backdoored bootloader that you send to them with zero quality control, and it was like that with Windows drivers for years.
Or, like me, they never trusted it to begin with.
If it says Microslop on it, it’s broken.
BY DESIGN
Microsoft has yet to explain how or why the lapse occurred.
Highly skilled technical staff are expensive, and it turns out that some people still use Windows when Microsoft doesn’t hire the talent necessary to keep Windows working.
Edit: Also, bribes from three letter government agencies are probably pretty nice.
The number of times I’ve seen a fix not get pushed because somebody got laid off is a lot higher than you might think.
I cannot make certain teams at my work give a shit about known security vulnerabilities in libraries they use, since they don’t trip our internal scanners. People have their own priorities. ¯\_(ツ)_/¯
tldr: Either use your own keys or don’t trust secure boot.
I am not a hacker, but what I gathered from the article is that this is due to shims with vulnerabilities being left as trusted instead of being revoked. If that’s the case, wouldn’t the hacker be using a modified version of a compromised shim? It shouldn’t have to be a shim that you actually use right? Or does the signed shim have to correspond to thr correct OS that signed it?
There exists shims that are signed by Microsoft and were not revoked. Normally this would be fine but these shims had weaknesses that allowes hackers to load any code using them. Normally the shims should only run other signed/trusted code. These vulnerable shims can be used to bypass secure boot by replacing your existing bootloader with the shim and then running rootkits/hackerOS/whatever and bypass bitlocker using TPM or just running a level 0 virus that can’t be detected by the OS on any PC which trusts Microsoft’s keys (99% of all PCs)
To prevent this you’d have to not trust the vulnerable shims by either adding them manually to the exclusions list or using your own secure boot keys which would only trust the few bootloader files your pc uses and no other files.
Worst case: it behaves as if secure boot wasn’t on. Without secure boot you wouldn’t need this exploit cause then you can replace the bootloader with whatever you want anyways. With or without secure boot you need administrative permission to replace the bootloader so this is only an issue after your PC is already compromised or if someone had physical access to your PC.
No wonder no three letter agency has ever complained about it
The gaffe is the result of the failure by Microsoft, which oversees the signing of shims, to revoke the publicly available images once vulnerabilities were found in them.
no one noticed
Did that get Berenstained? I distinctly remember it being broken a decade a ago…
Its been broken multiple times, which is why its important to update your BIOS firmware if your motherboard manufacturer says they have patched security issues.






