Security researchers have apparently devised a way to take over a Windows 7 system.
Well, sort of…
From Network World:
Researchers Vipin Kumar and Nitin Kumar used proof-of-concept code they developed, called VBootkit 2.0, to take control of a Windows 7 virtual machine while it was booting up. They demonstrated how the software works at the conference.
“There’s no fix for this. It cannot be fixed. It’s a design problem,” Vipin Kumar said, explaining the software exploits the Windows 7 assumption that the boot process is safe from attack.
When I first read this I was smiling, thinking wow, that’s cool. Until I read a little further on and noticed that, in order for the attack to work, there has to be physical access to the machine. This attack does not work remotely.
Not nearly as sexy as I first thought. Still, it makes for some interesting reading.
This is potentially pretty sexy, I think, even with the need for physical presence.
This can probably evade disk encryption, because you’re owning a legitimate boot sequence (depending on how the disk encryption interacts with the Windows boot I guess).
This sounds like any other generic popping in a bootable CD and booting into Linux to scrape hashes or replace binaries, but rather than booting into something that can simply manipulate Windows, you’re letting Windows actually boot and you have real privs inside it.
That might be interesting, especially as a quick reboot, walk-by owning of a bank of systems.