Windows RT can be hacked to run unsigned desktop apps, but Microsoft sees no reason to worry.
As described yesterday, the hack allows someone with a certain amount of savvy to change code in the Windows RT kernel so the tablet-based OS can run desktop apps. Officially, the only desktop programs that Windows RT supports are Microsoft's own Internet Explorer and Office suite. Otherwise, the OS can run only Windows Store apps.
But the hack isn't geared for the average Windows RT user.
Besides requiring the necessary programming chops, the hack can only change code in memory. So a user would have to modify the code each time the device boots up.
Further, desktop applications would have to be recompiled for ARM processors, so users couldn't just run their existing desktop programs, which are designed for Intel x86 processors.
In a statement sent to CNET, Microsoft cautioned that the hack poses no security threat and actually applauded the people who discovered the hack. But the company also hinted that the hack may be eliminated in a future update to RT.
The scenario outlined is not a security vulnerability and does not pose a threat to Windows RT users. The mechanism described is not something the average user could, or reasonably would, leverage as it requires local access to a system, local administration rights and a debugger in order to work. In addition, the Windows Store is the only supported method for customers to install applications for Windows RT. There are mechanisms in place to scan for security threats and help ensure that apps from the Store are legitimate and can be acquired and used with confidence. We applaud the ingenuity of the folks who worked this out and the hard work they did to document it. We'll not guarantee these approaches will be there in future releases.
The hack was uncovered by someone dubbed clrokr, who described how he was able to change a certain value in the RT kernel to expand the types of apps RT can run. Through his efforts, the hacker also discovered that Windows RT isn't that different from Windows 8, calling Windows RT "a clean port of Windows 8."