Misc

Windows Hello for Business – Full Report Has Been Released

Yesterday, the BSI (the German Federal Office for Information Security, or Bundesamt für Sicherheit in der Informationstechnik in German) published the first result document from the “Windows dissected” (ger.: “Windows seziert”) project: our analysis of Windows Hello for Business (WHfB). If you have followed this blog over the past year, you have seen the pieces. The full 170-page report has now been published. And it can be downloaded from the project page.

WHfB is a system of systems, building on Windows components that have been around for years. The document follows that path: from an application (like LogonUi) through the biometric service and the biometric unit, including the storage adapter and the full database format back into LogonUi, LSASS, Windows Passport and Kerberos. The annex contains the exported RPC interfaces and partial documentation for WINBIO_FRAMEWORK_INTERFACE; these exist because Microsoft’s documentation does not.

The german speaking press has picked up on BSI’s press release. Heise.de has released a good overview with the key points, and others have picked up the discussion as well.

There are quite a few more reports coming up as part of the “Windows dissected” project, so stay tuned!


In case you’re interested, here are other recent Windows internals contributions from ERNW:


My colleagues offer different training in the Microsoft security space.

  • The Entra ID Security Essentials training covers Windows Hello for Business from a practinioers perspective. It takes place in august, september and november.
  • The Hardening Microsoft Environments training goes into way more depth on Kerberos authentication than out report! It takes place in october and december.

Leave a Reply

Your email address will not be published. Required fields are marked *