Microsoft removed the built-in backdoor from Windows RT that allowed users to bypass Secure Boot and install Linux

The backdoor is also present in Windows 8.1, Windows Server 2012, Windows 10 and Windows Server Core




With the latest Patch Tuesday, July 12, 2016, Microsoft removed the dev-backdoor in Windows RT, the version of the Windows 8.x operating system ported to devices with 32-bit ARMv7 processors. With it, developers and hackers could install operating systems not approved by Microsoft on these tablets, for example Android or GNU/Linux.

The backdoor was introduced by Microsoft programmers during the OS development phase, but after installing the latest update, the tablets will be permanently tied to Windows RT at the hardware level.

Windows RT is a dead-end operating system with no future; Microsoft has stopped developing it further. Not much time remains until the official support period for Windows RT tablets ends either: support for Surface RT tablets ends in 2017, and for Windows RT in 2018.
For this reason, it is so important to be able to install an alternative operating system on these tablets. For some users who received a Windows RT tablet against their wishes (for example, handed out at a presentation or issued at work), the ability to install Linux was the only way to get at least some benefit from this gift.

The monthly Patch Tuesday update of Microsoft software products is traditionally released on the second Tuesday of each month. On this day, a cumulative package of patches for the entire month is released, most of which fix security vulnerabilities in Microsoft products. Together with the latest update, security bulletin MS16-094 was published with the severity rating Important.

The Secure Boot protocol in UEFI (Unified Extensible Firmware Interface) firmware checks the signatures of the boot code and blocks any bootloader whose signature does not verify. Thus, it is impossible to start an unauthorized bootloader on a computer with Secure Boot enabled. For more information on the cryptographic keys and verification code in Secure Boot, see the article "A little about UEFI and Secure Boot".

On most computers this is not a particular problem, because you can disable Secure Boot in the firmware settings if you have physical access to the computer.


Disable Secure Boot

But on ARM tablets with Windows RT preinstalled, Secure Boot cannot be turned off by normal means at all.

Naturally, the inability to install a normal operating system on a (hardware-wise) good tablet was terribly annoying. After long research and reverse engineering, someone still managed to find a way to bypass the Secure Boot procedure on Windows RT tablets using a specially crafted policy that could disable verification of the boot code signature, allowing arbitrary drivers to be loaded on the device. In addition, according to security bulletin MS16-094, an attacker could disable BitLocker's Secure Boot Integrity Validation check and other security options of the encryption system.

Unfortunately, the technical details of how the Secure Boot protection on Windows RT tablets is bypassed are not publicly available. We only know that before doing so you need to disable the BitLocker key protectors:

manage-bde -protectors -disable C:

It is known for certain, however, that the Secure Boot vulnerability is also present in Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10 and Windows Server Core. Patches for all of these versions have been released and are listed in MS16-094.


The bulletin states that in order to exploit the vulnerability, an attacker must have administrative privileges on the system or physical access to the device. But with such access, one can already do anything with a computer, including modifying the operating system's system files.

Thus, if you plan to install an alternative operating system on your tablet, under no circumstances install security update KB3172727. For other versions of Windows, on the contrary, installing this update is strongly recommended.
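For administrators of the other affected versions, the following added PowerShell snippet (not from the article) checks the three things the bulletin touches on one host: whether the MS16-094 update is installed, whether Secure Boot is still enforced, and whether the BitLocker key protectors on the system drive are still enabled. It assumes an elevated session and that KB3172727 is the package for your OS version; other versions use the KB number listed for them in MS16-094.

```powershell
# Added example, not part of the article: verify MS16-094 state on a Windows 8.1 / Server 2012 (R2) /
# Windows 10 host. Assumes an elevated PowerShell session. $Kb is the package named in the article;
# adjust it to the KB listed in MS16-094 for the OS version you are checking.
$Kb = 'KB3172727'
$report = [ordered]@{}

# 1. Is the MS16-094 update present? Get-HotFix returns nothing (no error) when it is not installed.
$fix = Get-HotFix -Id $Kb -ErrorAction SilentlyContinue
$report['Ms16094Installed'] = [bool]$fix

# 2. Is Secure Boot enforced? Confirm-SecureBootUEFI throws on legacy BIOS or unsupported firmware,
#    so treat an exception as "cannot confirm" rather than as "disabled".
try {
    $report['SecureBootEnabled'] = Confirm-SecureBootUEFI
} catch {
    $report['SecureBootEnabled'] = 'Cannot confirm (not UEFI or unsupported)'
}

# 3. Are the BitLocker key protectors on the OS volume enabled? The article notes the bypass
#    requires disabling them first, so ProtectionStatus = Off on a managed host deserves a look.
$os = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
if ($os) {
    $report['BitLockerProtection'] = $os.ProtectionStatus.ToString()
} else {
    $report['BitLockerProtection'] = 'BitLocker not available on this volume'
}

# Anything other than Installed=True / SecureBoot=True / Protection=On is worth following up.
[pscustomobject]$report | Format-List
```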

Microsoft made it clear that despite the end of Windows RT development, it does not intend to open the platform to third-party operating systems; that would greatly undermine the company's established image. On the other hand, it is also impossible to leave a backdoor in the system once it has become publicly known.

Source: https://habr.com/ru/post/369491/