Linked by Thom Holwerda on Sun 6th Jan 2013 23:00 UTC
Windows "It's taken longer than expected but it has finally happened: unsigned desktop applications run on Windows RT. Ironically, a vulnerability in the Windows kernel that has existed for some time and got ported to ARM just like the rest of Windows made this possible. MSFT's artificial incompatibility does not work because Windows RT is not in any way reduced in functionality. It's a clean port, and a good one. But deep in the kernel, in a hashed and signed data section protected by UEFI's Secure Boot, lies a byte that represents the minimum signing level." Good stuff. Very good stuff.
Permalink for comment 547656
To read all comments associated with this story, please click here.
RE[2]: Comment by MOS6510
by vaette on Mon 7th Jan 2013 13:40 UTC in reply to "RE: Comment by MOS6510"
vaette
Member since:
2008-08-09

The "vulnerability" is really a non-issue, the way this procedure works starts by getting administrator privileges by attaching to a system level process using the debugger. This is perfectly allowed and lands you administrator privileges at once (which more or less means that everything is already broken into). The "vulnerability" is just a question of fooling CRSS, which is basically a user-land kernel component, into poking the kernel in the ways you wish.

It is certainly not a vulnerability in the sense of permitting malicious code to do bad things, since the malicious code being able to launch and connect the debugger to arbitrary processes means that it has already done everything it needs.

Reply Parent Score: 4