The July edition of Microsoft's security Patch blocks a backdoor left out in Windows RT. Attackers could have exploited this vulnerability to unlock its bootloader and start a non-windows OS such as GNU/Linux or Android.
The highly sought loophole was right under everyone's noses, and now Microsoft has released security update MS16-094 to fix it.
According to company's advisory, “A security feature bypass vulnerability exists when Windows Secure Boot improperly applies an affected policy. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded on a target device. In addition, an attacker could bypass the Secure Boot Integrity Validation for BitLocker and the Device Encryption security features.”
“To exploit the vulnerability, an attacker must either gain administrative privileges or physical access to a target device to install an affected policy. The security update addresses the vulnerability by blacklisting affected policies.”
Surface RT failure: No support of Desktop Apps
Surface RT devices run with Microsoft's Windows RT system, which was a stripped down version of Windows 8. As Windows RT only worked with Windows Store apps designed for the ARM chipset, there was not heavy demand for those Surface RT tablets.
Installing Linux on the devices was a nice possible workaround to use them in a much more flexible way.
But with the new security patch, the OS now refuses to accept such “jailbreaking attempts” and prevents users from switching to Linux or any other OS.
The affected secure Boot Hole was also present on Windows 8.1, Windows Server 2012/2012 R2, Windows 10, and Windows Server Core. Again MS16-094 is used to patch these operating system, but here you would have needed admin or physical level access to change the OS anyways.
Microsoft has already released security update MS16-094, and you can download it through Windows Update.