Microsoft Leaks Security Keys that Let Malicious Software be Installed on Windows Machines
There’s a new security blunder going around and it doesn’t have to do with Apple or Google this time, but rather with Microsoft. It appears that the Windows creator has apparently leaked by accident a series of security keys that would allow Windows PCs, tablets and phones be unlocked and loaded with other OSes and software that may be malicious.
The discovery comes from security researchers MY123 and Splistream, who made the unveiling this week. It has actually been going on for a while and Microsoft even released some fixes, but without great effect. A patch came in July and another one is also expected soon. Researchers claim that it’s impossible for Microsoft to make the keys useless.
The thing is that things aren’t as bad as they seem at first glance, since the user would physically need to access the target device and use the key, then install software on the machine. These “golden keys” can unlock all devices sealed by Secure Boot and basically on devices that don’t allow you to disable Secure Boot even if you have admin rights, like the ARM Windows RT slates for example.
Well, now you can sidestep the block and run GNU/Linux or Android.