Security researchers have demonstrated that attackers can bypass the Windows 8 Secure Boot mechanism and modify the code that enforces Secure Boot.
Secure Boot is a feature of the Unified Extensible Firmware Interface (UEFI) specification that allows only trusted software components to be loaded during the boot sequence. The UEFI firmware checks for trusted digital signatures to prevent malware from loading during the boot process.
The researchers said the exploit was possible not because of flaws in Secure Boot itself but because vendors made errors in their UEFI implementations.
The first exploit works if vendors do not properly protect their firmware. The exploit is designed to modify the platform key. In order to work, the exploit needs to be executed in kernel mode.
The second exploit runs in user mode. This means that an attacker only needs to gain code execution rights on the system by exploiting a vulnerability in applications such as Adobe, Flash, Java or Microsoft Office.
Bulygin said Secure Boot is still a big step forward in computer security, since to install bootkits attackers must now first identify a vulnerability that allows them to bypass Secure Boot.
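Because the first exploit targets the platform key, a defender can at least audit what the firmware reports about its Secure Boot state. The sketch below is an added example, not code from the researchers or any vendor. It assumes the Linux efivarfs blob layout (a 4-byte attribute word followed by the payload) and the standard UEFI variables `SecureBoot`, `SetupMode` and `PK`; the sample blobs are constructed.

```python
import struct

# Attribute bit defined by the UEFI specification.
TIME_BASED_AUTH_WRITE = 0x20  # EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS

def parse_efivar(raw):
    """Split a Linux efivarfs blob: 4-byte little-endian attributes, then payload."""
    if len(raw) < 4:
        raise ValueError("blob shorter than the 4-byte attribute header")
    (attrs,) = struct.unpack_from("<I", raw)
    return attrs, raw[4:]

def _flag(blobs, name):
    """Return the first payload byte of a one-byte state variable, or None."""
    raw = blobs.get(name)
    if raw is None:
        return None
    _, data = parse_efivar(raw)
    return data[0] if data else None

def audit_secure_boot(blobs):
    """blobs maps variable name -> raw efivarfs bytes. Returns a list of findings."""
    findings = []
    if _flag(blobs, "SecureBoot") != 1:
        findings.append("SecureBoot variable does not report enforcement")
    if _flag(blobs, "SetupMode") != 0:
        findings.append("setup mode: platform key can be enrolled without authentication")
    pk = blobs.get("PK")
    if pk is None or not parse_efivar(pk)[1]:
        findings.append("no platform key enrolled")
    elif not parse_efivar(pk)[0] & TIME_BASED_AUTH_WRITE:
        findings.append("PK is not marked as an authenticated-write variable")
    return findings

# Constructed sample blobs (not captured from a real machine).
HEALTHY = {
    "SecureBoot": struct.pack("<I", 0x06) + b"\x01",
    "SetupMode": struct.pack("<I", 0x06) + b"\x00",
    "PK": struct.pack("<I", 0x27) + b"\x00" * 16,  # placeholder key bytes
}
NO_PK = {
    "SecureBoot": struct.pack("<I", 0x06) + b"\x00",
    "SetupMode": struct.pack("<I", 0x06) + b"\x01",
}

if __name__ == "__main__":
    print(audit_secure_boot(HEALTHY))
    print(audit_secure_boot(NO_PK))
```

These variables are reported by the firmware itself, so a clean result confirms configuration only; it does not show that the vendor has write-protected the firmware storage.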
Microsoft said it is now working with partners to “help ensure that secure boot delivers a great security experience for customers.”