Sunday, November 27, 2011

Windows 8 Bootkit Bypassing UAC

Windows 8 Bootkit Demo from Peter Kleissner on Vimeo.

Pulkit Chandna reports - Security researcher demos Windows 8 bootkit bypassing UAC:

Few men can lay claim to being ahead of their time like Peter Kleissner. While most of us were busy playing around with the Windows 8 Developer Preview, this Austrian security researcher was vetting it for possible vulnerabilities. Whatever he was up to seems to have worked. Kleissner has successfully identified a vulnerability in this early version of the upcoming operating system and even posted a video of his proof-of-concept “Stoned Lite” bootkit successfully exploiting this flaw. Hit the jump for the video.

Here is a video of his 14KB bootkit called Stoned Lite successfully bypassing Windows 8 User Account Control. “This shows how to use Stoned Lite to get SYSTEM rights on Windows 8 through the cmd privilege escalation (done by a driver loaded by the bootkit). The infector is just 14 KB of size and bypasses the UAC,” reads the video’s description on Vimeo.

Upon being asked on Twitter if the exploit in any way circumvented UEFI, Kleissner clarified: “No it's not attacking UEFI or secure boot, right now working with the legacy BIOS only (details will be in the paper).”

With the release of Windows 8 still a fair way away, Microsoft has plenty of time to fix this bug discovered by Kleissner, who is a bootkit junkie of sorts, having previously developed a bootkit called Stoned as a proof-of-concept for a vulnerability in Windows XP, Windows Vista, Windows 7 and Windows Server 2003.
