Kuzma explained, "This impacts the application whitelisting functionality on Windows 8.1 and newer. I suspect we'll be seeing a lot more like this as researchers and attackers both look for ways to bypass this technology."
MS16-094 fixes a flaw in Secure Boot security features that could by bypassed if an attacker installs an affected policy on a target device. However, an attacker would need either physical access or administrative privileges to pull that off.
"Secure boot isn't very secure, I'm afraid, when policy application and handling errors strip away its most critical protections. An attacker being able to disable integrity checks is the first step in establishing difficult to detect and difficult to remove persistence. AND it could potentially disable BitLocker encryption. Sounds like this vulnerability was a great tool for Folks That Spy On People."
Sign up for MIS Asia eNewsletters.