Windows RT ‘code integrity mechanism’ gets sidestepped, allows unsigned desktop apps to run

As Microsoft continues to promote and push its RT apps and programs, Windows tinkerer Clrokr at SurfSec has detailed how he managed to circumvent Redmond's controls on what can run on Windows RT. It's worth noting that this may not lead to a broad jailbreak solution, capable of running any desktop program, but it does demonstrate an existing vulnerability. Clrokr outlines how he tinkered with the part of the RAM that instructs the OS whether it should run unsigned, authenticode signed, Microsoft(8) or Windows(12) signed apps. The default setting is for the latter two options, whereas changing this entry allows those other app types to run. If you know your Windows kernel, you can check the full details and code over at the source.

Filed under: , ,

Comments

Via: @stroughtonsmith (Twitter)

Source: Surfsec