At the upcoming MalCon security conference in Mumbai, Austrian independent developer and security analyst Peter Kleissner is scheduled to release the first known "bootkit" for Windows 8—an exploit that is able to load from a hard drive's master boot record and reside in memory all the way through the startup of the operating system, providing root access to the system. The exploit allegedly defeats the secure boot features of Windows 8's new Boot Loader. Kleissner will also present a paper called "The Art of Bootkit Development."
Kleissner previously developed the Stoned bootkit, a proof-of-concept exploit that could attack Windows XP, Vista, and 7, as well as Windows Server 2003. Stoned, which is available as source code from Kleissner's site, was able to install itself into the Windows kernel and gain unrestricted access to the entire system, even on systems with encrypted drives—because the master boot record on those drives remains unencrypted.
The details of the Windows 8 bootkit have not yet been shared, but Kleissner said in his Twitter feed this morning that the new bootkit, called Stoned Lite, has an infector file that is only 14 kilobytes in size, and the bootkit can be started from a USB drive or CD. He added that he was considering adding "in-memory patching of msv1_0!MsvpPasswordValidate." That exploit, previously demonstrated against Windows XP as part of a bootkit, changes the password validation routine in Windows to accept any password as valid for an account.
Windows 8's boot loader has added a number of security features to prevent malware and security breaches, including a measure that requires any software loaded at boot time to be authenticated with a valid digital signature. Microsoft advertised this feature as a malware killer, because it would in theory block any unsigned software from loading into memory before startup. But the new boot loader has caused concern in the open-source world, because Linux distributions such as Red Hat and Ubuntu don't come with a digital signature.
http://arstechnica.com/business/news/2011/11/security-researcher-defeats-windows-8-secure-boot.ars

Windows 8 = :rofl: