Windows 8 was supposed to arrive with a secure boot, but it seems that things might not be like that after all, and the first demonstration of how the User Account Control (UAC) in Windows 8 Developer Preview can be defeated has emerged into the wild. This is none other than the Stoned Lite bootkit that Austrian security researcher Peter Kleissner has been working on for the past few weeks.
Softpedia already
reported on the matter, as Kleissner announced about a week ago that he planned on bringing its proof-of-concept to the MalCon conference set to take place in India on November 25th.
Since that day has come, the demonstration emerged as well, and you can have a look at the clip at the bottom of this article.
For those out of the loop, we should note that Stoned Lite was designed to infect the MBR, which is not being verified in legacy startup.
However, the bootkit will store components outside the normal file system, and will have startup files hooked before Windows actually starts.
It was also developed so as to patch the password validation function, thus enabling the use of any password with any account.
The bootkit remains active in the memory, and can be launched from an USB drive or even from a CD.
In Windows 8, Microsoft plans on including a variety of new security features, starting with the UEFI-based secure boot, which is mandatory for all OEMs who plan on being UEFI-certified.
The SmartScreen filtering has been improved for Windows 8 and for Internet Explorer, and applications and ULRs are being checked against a database.
Peter Kleissner, however, proves that there still are some flaws in Microsoft’s products, and that the company should consider adding more security features into the mix.
Stoned Lite is actually the second bootkit that the Austrian developer created. The first of them, Stoned, affects all Windows systems from Windows 2000 to Windows 7, and has its source code available on Kleissner’s
website.
Find us on Google+
