A developer using the alias “clrokr” has found a way i.e. a security mechanism of Windows RT – to trick the code integrity check – the version of Windows 8 for tablets with ARM processor. This way should be let on the Surface Tablet and other devices running Windows RT start and unsigned desktop applications.
The developer writes to the breakthrough of the thoroughness with which its operating system Microsoft has ported to the ARM platform. Functional Windows RT has been implemented so clean that in the depths of the kernel the same byte can lay down the minimum level for the code signing as with the desktop version.Windows Time determined based on the quality of this byte signature. 0th unsigned applications received the lowest rating Microsoft signatures are classified with 8, Windows components are located on level 12.
On x86 desktops applications run from a minimum level of Signing 0; Windows RT signatures accepted however only at level 8 – they have to be approved directly by Microsoft. This value is set in the kernel and can not be changed there. Does the system have the value but only loaded into memory once, it can be returned there.This purpose has clrokr via Remote Debugger locked to the CSRSS process of the logged on user has injected malicious code in this way. The Client / Server Runtime System is an essential component of the Windows core.
Due to the necessary pull-ups, the described method of clrokr to slash code signing does not constitute practically relevant security risk addition, resetting the minimum level Signing lasts only until the next reboot, and no compiled for the ARM version of Windows Desktop There are applications that could be run in this way. It remains to be seen if and when Microsoft sees itself in a tight spot, to fill this gap.
The description of clrokr ends with the statement that the signature was not forced a technical necessity, but a “bad marketing decision” by Microsoft. To strengthen its market position as a productivity tool, the RT need Windows Win32 ecosystem. He therefore called on Microsoft to make the code signing to continue optional.