By Shailesh Shrivastava email: firstname.lastname@example.org | Jan 09, 2013 10:01 AM EST
Microsoft comes out with a statement appreciating a hacker's work and also supporting its mobile operating system Windows RT.
Three days after the Windows RT was claimed to be jailbroken by clrokr, Microsoft said that the operating system is not vulnerable and the hack will be fixed upcoming versions of the OS.
"The scenario outlined is not a security vulnerability and does not pose a threat to Windows RT users. The mechanism described is not something the average user could, or reasonably would, leverage, as it requires local access to a system, local administration rights and a debugger in order to work. In addition, the Windows Store is the only supported method for customers to install applications for Windows RT. There are mechanisms in place to scan for security threats and help ensure apps from the Store are legitimate and can be acquired and used with confidence. We applaud the ingenuity of the folks who worked this out and the hard work they did to document it. We'll not guarantee these approaches will be there in future releases," Microsoft said in a statement.
On Sunday, clrokr, on his blog wrote: "It's taken longer than expected but it has finally happened: unsigned desktop applications run on Windows RT. Ironically, a vulnerability in the Windows kernel that has existed for some time and got ported to ARM just like the rest of Windows made this possible. MSFT's artificial incompatibility does not work because Windows RT is not in any way reduced in functionality. It's a clean port, and a good one. But deep in the kernel, in a hashed and signed data section protected by UEFI's Secure Boot, lies a byte that represents the minimum signing level."
At present, the jailbreak is in tethered stage, and users will have to change the setting every time the system is turned on. The exploit is also though for normal user to perform if they are not quite familiar with jailbreaking.
May be one day some user like iOS jailbreak community members will come up with an easier and user friendly exploit for Windows RT.