Boot records on BIOS-based systems are not encrypted or signed, so any malware that can slip into the boot sequence alongside them is free to do whatever it wants.
Windows 8 Secure Boot stops rootkits. Mostly
Secure Boot prevents any code not signed securely by an approved developer from running at root during the boot-up process. It may also keep users from installing Linux or other operating systems along with Windows, some critics charge.
Microsoft officials have said Linux and other OSes will be able to run in UEFI once they're "trusted." Trusted, presumably by Microsoft. No word on when Microsoft will trust Linux.
It definitely won't trust the Stoned Bootkit, though, so Kleissner would be out of luck, had he not claimed to have already found a way to load the bootkit within the security structures of Windows 8.
A version of the kit called Stoned Lite, whose infector function is only 14 KB in size, gets past the UEFI and Secure Boot barriers by taking advantage of legacy BIOS functions in Windows 8 to gain root access to the system, according to Kleissner's Twitter feed.
Kleissner plans to release a paper with his full analysis of Windows 8 boot files, their behavior and how to exploit them, along with his presentation at MalCon.
Kleissner may also add an exploit that patches the msv1_0!MsvpPasswordValidate login routine in Windows while it runs in memory, so that it accepts any password a hacker or malware payload supplies as the correct one for the system.
"Nothing new, but nice and fancy," Kleissner calls the tweak.
Microsoft already has a copy of the paper and all the information it needs about the weakness in the Win8 boot process and Kleissner's exploitation of it, he tweeted.
Microsoft hasn't commented.
Can't cross border to hacker conference because you're a hacker
The Austrian Kleissner may not get an Indian visa approved in time to attend MalCon, however. Among other complications preventing him from attending a conference designed to attract malware specialists is an indictment back home for creating tools designed to violate the security of computers via malware.