We recently learned of a circumvention method that allows non-Windows Store apps to run on a Windows RT device. Clrokr, who discovered the method, found a way to tinker with the portion of RAM that tells Windows RT whether it should run unsigned or signed code.
This bypass, based on a vulnerability in the Windows kernel that was ported over to ARM, was only temporary and had to be executed again every time the operating system rebooted.
This jailbreak attempt was brought to Microsoft’s attention and the company issued a statement today (see below) not only applauding the jailbreak attempt, but also hinting that this circumvention method will most likely be gone in the near future. Microsoft even mentions that there is no security risk.
The scenario outlined is not a security vulnerability and does not pose a threat to Windows RT users. The mechanism described is not something the average user could, or reasonably would, leverage, as it requires local access to a system, local administration rights and a debugger in order to work. In addition, the Windows Store is the only supported method for customers to install applications for Windows RT. There are mechanisms in place to scan for security threats and help ensure apps from the Store are legitimate and can be acquired and used with confidence.
We applaud the ingenuity of the folks who worked this out and the hard work they did to document it. We’ll not guarantee these approaches will be there in future releases.