Linked by Thom Holwerda on Sun 6th Jan 2013 23:00 UTC
Windows "It's taken longer than expected but it has finally happened: unsigned desktop applications run on Windows RT. Ironically, a vulnerability in the Windows kernel that has existed for some time and got ported to ARM just like the rest of Windows made this possible. MSFT's artificial incompatibility does not work because Windows RT is not in any way reduced in functionality. It's a clean port, and a good one. But deep in the kernel, in a hashed and signed data section protected by UEFI's Secure Boot, lies a byte that represents the minimum signing level." Good stuff. Very good stuff.
Thread beginning with comment 547644
RE: Comment by MOS6510
by chithanh on Mon 7th Jan 2013 10:58 UTC in reply to "Comment by MOS6510"

From the article:

"a vulnerability in the Windows kernel that has existed for some time and got ported to ARM"
So Microsoft cared so little about the vulnerability that they ported it from x86 to the ARM kernel?

Of course they will fix it if they determine that it is against their business interests. But I think they will observe what people do with the exploit to run their own Win32 apps. Because in the meantime, it can help badly needed sales of Surface RT.

Score: 2

RE[2]: Comment by MOS6510
by MOS6510 on Mon 7th Jan 2013 11:02 in reply to "RE: Comment by MOS6510"

Being able to install illegal software is a double-edged sword I guess. It can help sell hardware, which increases the customer pool, but it also loses software sales, but without hardware in people's hands there is no software to be sold.

So you're right and it will be interesting to see when/how Microsoft will respond.

Score: 2

RE[3]: Comment by MOS6510
by Thom_Holwerda on Mon 7th Jan 2013 11:05 in reply to "RE[2]: Comment by MOS6510"

Illegal software?

Only open source software can be ported to Windows RT with this (since proprietary vendors won't, of course). How is that illegal?

Score: 4

RE[2]: Comment by MOS6510
by vaette on Mon 7th Jan 2013 13:40 in reply to "RE: Comment by MOS6510"

The "vulnerability" is really a non-issue; the way this procedure works starts by getting administrator privileges by attaching to a system level process using the debugger. This is perfectly allowed and lands you administrator privileges at once (which more or less means that everything is already broken into). The "vulnerability" is just a question of fooling CSRSS, which is basically a user-land kernel component, into poking the kernel in the ways you wish.

It is certainly not a vulnerability in the sense of permitting malicious code to do bad things, since the malicious code being able to launch and connect the debugger to arbitrary processes means that it has already done everything it needs.

Score: 4