An error made by Microsoft in the way it set up the testing and debugging of Windows 10 means that users can bypass hardware protections designed to ensure non-Microsoft operating systems can't be installed on Windows PC, tablet and mobile devices.
Discovered by researchers 'My123' and 'Slipstream', the problem revolves around Microsoft's use of Secure Boot and the policies associated with that process.
Typically, as part of the boot process for a Windows tablet or phone, the system will check that the operating system has a signed signature, and the right policies, to continue with the boot process. Part of this process involves checking the integrity and source of the OS is signed with a Microsoft certificate. If it's not - say, if you're trying to get Linux to run on your Windows RT tablet - it won't work.
However, by accidentally leaking a development mode policy that disables this protection in machines that ultimately became part of the retail chain, that 'golden key' (so called as it unlocks OS policy permissions) has ended up online, allowing anyone to bypass the protections.
"A backdoor, which [Microsoft] put in to secure boot because [it] decided to not let the user turn it off in certain devices, allows for secure boot to be disabled everywhere," Slipstream wrote.
The researchers say that despite reporting it to Microsoft in April this year, the company didn't see it as a problem or award a bug bounty for discovering it until nearly July. Subsequent patches have rolled out to mitigate the issue, but haven't entirely fixed it, The Register reports.
On one hand, if you've got an all-but abandoned Windows RT tablet or old Windows Phone lying around, there's probably a good chance you can still work around the intended restrictions - on the other side of that equation, however, it also allows anyone that can access your computer physically or remotely to install code at the core of the system without it being checked.
The leak highlights the need for an uncompromising position on privacy and encryption - a 'secure golden key' that can blanket unlock a whole host of different devices is always a really, really bad idea.
WIRED has approached Microsoft for comment and will update this piece accordingly.
This article was originally published by WIRED UK
