Microsoft backdoor key leaked


Microsoft apparently leaked their own firmware backdoor. It appears the backdoor may have been created as a way for Microsoft to override its firmware protections on certain Windows hardware for testing purposes.

Ars Technica:

The key basically allows anyone to bypass the provisions Microsoft has put in place ostensibly to prevent malicious versions of Windows from being installed, on any device running Windows 8.1 and upwards with Secure Boot enabled.

And while this means that enterprising users will be able to install any operating system--Linux, for instance--on their Windows tablet, it also allows bad actors with physical access to a machine to install bootkits and rootkits at deep levels. Worse, according to the security researchers who found the keys, this is a decision Microsoft may be unable to reverse.

Since some devices, such as phones and tablets, are hard coded, it may be impossible to patch.

This is just another example of how a designed backdoor can cause all sort of problems. Once the credentials are compromised, all devices are vulnerable.