Windows 7 Release Candidate is now out and available for public download, and so is the open source attack tool Vbootkit 2.0 created by security researchers Vipin Kumar and Nitin Kumar. The source code of the attack tool has been released under a General Public License (GPL), meaning that anyone can now use it to compromise the Windows 7 operating system.
With Vbootkit 2.0, an attacker could take full control of the OS because there is a design problem within Windows 7. According to its developers, there is no fix for this exploit simply because it is a design issue (as mentioned before). The upside is that the exploit only works if the attacker has physical access to the targeted machine – the exploit cannot be used remotely.
“It hooks the basic hard disk reading mechanism, the INT 13h method, then waits for read requests. When it finds a known signature, it patches the file in memory and the process continues till we reach the kernel,” explained Vipin Kumar for eWeek. In layman’s terms, Vbootkit 2.0 takes control of the Windows 7 OS when the operating process boots up by “making changes to Windows 7 files that are loaded into the system memory during the boot process”.
Microsoft has responded with the following statement: “If one has this kind of unrestricted access, one can do many things to compromise the system. BitLocker, in addition to data encryption, can also help protect against physical-access attacks with its secure-boot technology. The feature uses a Trusted Platform Module (TPM 1.2) to help ensure that a PC running Windows 7 has not been tampered with while the system was offline.”
That may be true, but the thing is that TPM and BitLocker are only available on high-end versions of Windows 7, mainly Windows 7 Enterprise and Windows 7 Ultimate.
If you would like to get the Vbootkit 2.0 source code, a download location is available here.
Open Source Vbootkit 2.0 Attack Tool for Windows 7