Austrian researcher reveals BIOS intercept rootkit for Windows 8

As Infosecurity reported last week, the rootkit from Kleissner, an Austrian security researcher, effectively means that root level access could be gained to the new operating system before the kernel code of the operating system is loaded.

According to the Maximum PC newswire, while many coders were playing around with the Windows 8 Developer Preview, Kleissner was vetting it for possible vulnerabilities.

"Whatever he was up to seems to have worked. Kleissner has successfully identified a vulnerability in this early version of the upcoming operating system and even posted a video of his proof-of-concept 'Stoned Lite' bootkit successfully exploiting this flaw", says the newswire.

Infosecurity notes that the rootkit works by using a CMD privilege escalation – carried out by loading a low-level driver into memory before the Windows 8 operating system kernel loads.

Amazingly, the bootkit (or rootkit, whichever term you use) is just 14 kilobytes in size, suggesting that Kleissner has used his own compiler.

The MaximumPC newswire, meanwhile, quoted the researcher as saying that the rootkit attack methodology does not exploit the Unified Extensible Firmware Interface (UEFI) feature of Windows 8 or a secure boot approach, but uses a BIOS intercept.

As the newswire observed, with the release of Windows 8 still a fair way away, Microsoft has plenty of time to fix this bug discovered by Kleissner.