New BootHole Vulernability Revealed: Impacts 'Billions' of Devices

CyberTech

CyberTech

Level 44
Thread author
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
Content source
https://www.tomshardware.com/news/new-boothole-vulernability-revealed-impacts-billions-of-devices
Turns out Secure Boot is not secure

Eclypsium, a company that specializes in enterprise security solutions, revealed a new vulnerability that allows attackers to gain near-total control of WIndows or Linux systems. The company says that billions of devices are vulnerable, like systems ranging from laptops, desktop PCs, servers and workstations to other types of devices, like special-purpose equipment used in industrial, healthcare, financial, and other industries.

The attack exposes a vulnerability in the UEFI Secure Boot framework that normally prevents unauthorized access to the system during boot time. By compromising Secure Boot, attackers can then use malicious UEFI bootloaders to gain unfettered access and control of the system. Luckily, this attack requires elevated privileges to exploit, which means it would be hard for outside entities to attack a system without some level of insider knowledge or having already gained access to credentials through other means.
Click to expand...
 
  • Like
  • +Reputation
Reactions: Brahman, upnorth, Nevi and 9 others
Stopspying

Stopspying

Level 19
Verified
Top Poster
Well-known
Jan 21, 2018
814
I'll add a few more articles on this story.

www.bleepingcomputer.com

BootHole GRUB bootloader bug lets hackers hide malware in Linux, Windows

A severe vulnerability exists in almost all signed versions of GRUB2 bootloader used by most Linux systems. When properly exploited, it could allow threat actors to compromise an operating system's booting process even if the Secure Boot verification mechanism is active.
www.bleepingcomputer.com www.bleepingcomputer.com

www.theregister.com

GRUB2, you're getting too bug for your boots: Config file buffer overflow is a boon for malware seeking to drill deeper into a system

We're gonna keeping punning this until someone pays us $5m
www.theregister.com www.theregister.com

www.securityweek.com

'BootHole' Flaw Allows Installation of Stealthy Malware, Affects Billions of Devices

Billions of Windows and Linux devices are affected by a serious GRUB2 bootloader vulnerability dubbed BootHole that can be exploited to install persistent and stealthy malware
www.securityweek.com www.securityweek.com

I'm glad to see that this topic got posted yesterday. It wasn't showing on the site when I started a similar thread with these links on this story after I did a number of searches for this topic. I guess that this thread was still waiting for approval at that time too.
 
  • Like
Reactions: CyberTech, Brahman, ForgottenSeer 85179 and 5 others
upnorth

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Due to a weakness in the way GRUB2 parses its configuration file, an attacker can execute arbitrary code that bypasses signature verification. The Boot Hole vulnerability discovered by Eclypsium can be used to install persistent and stealthy bootkits or malicious bootloaders that operate even when Secure Boot is enabled and functioning correctly. This can ensure attacker code runs before the operating system and can allow the attacker to control how the operating system is loaded, directly patch the operating system, or even direct the bootloader to alternate OS images. It gives the attacker virtually unlimited control over the victim device. Malicious bootloaders have recently been observed in the wild, and this vulnerability would make devices susceptible to these types of threats.

All signed versions of GRUB2 that read commands from an external grub.cfg file are vulnerable, affecting every Linux distribution. To date, more than 80 shims are known to be affected. In addition to Linux systems, any system that uses Secure Boot with the standard Microsoft UEFI CA is vulnerable to this issue. As a result, we believe that the majority of modern systems in use today, including servers and workstations, laptops and desktops, and a large number of Linux-based OT and IoT systems, are potentially affected by these vulnerabilities. Additionally, any hardware root of trust mechanisms that rely on UEFI Secure Boot could be bypassed as well.
Click to expand...
eclypsium.com

There's a Hole in the Boot - Eclypsium | Supply Chain Security for the Modern Enterprise

The BootHole vulnerability in the GRUB2 bootloader opens up Windows and Linux devices using Secure Boot to attack. The majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment
eclypsium.com eclypsium.com
 
  • Like
Reactions: Stopspying, CyberTech, harlan4096 and 4 others
F

ForgottenSeer 85179

Microsoft should harden that more but this also show exactly why Secure Boot isn't strong as Verified Boot from Android (and of course iOS too)
 
  • Like
Reactions: Stopspying and Brahman
silversurfer

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,148
www.securityweek.com

Companies Respond to 'BootHole' Vulnerability

Companies affected by the BootHole vulnerability in the GRUB2 bootloader have started issuing advisories
www.securityweek.com www.securityweek.com
Microsoft says BootHole impacts Windows 10, 8.1, Server 2012, Server 2016, Server 2019 and Server versions 1903, 1909 and 2004. The company is working on an update that will be rolled out to users via the Windows Update system.
Click to expand...
 
  • +Reputation
  • Like
  • Thanks
Reactions: Stopspying, CyberTech, Gandalf_The_Grey and 3 others
You must log in or register to reply here.

Similar threads

MuzzMelbourne
    • Like
    • Wow
    • +Reputation
Serious Discussion Critical vulnerability affecting most Linux distros allows for bootkits
Replies
2
Views
349
ChromeOS & Linux
LennyFox
L
[correlate]
    • Like
The stack buffer overflow vulnerability leads to arbitrary code execution in UEFI application on multiple HP devices.
Replies
0
Views
1,246
News Archive
[correlate]
[correlate]
Gandalf_The_Grey
    • Like
    • +Reputation
Acer fixes UEFI bugs that can be used to disable Secure Boot
Replies
0
Views
526
News Archive
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top