Billions of Devices Impacted by Secure Boot Bypass
2020-07-29 19:53

According to Eclypsium researchers, the bug tracked as CVE-2020-10713 could allow attackers to get around these protections and execute arbitrary code during the boot-up process, even when Secure Boot is enabled and properly performing signature verification.

"During the parser stage, the configuration values are copied to internal buffers stored in memory. Configuration tokens that are longer in length than the internal buffer size end up leading to a buffer overflow issue. An attacker may leverage this flaw to execute arbitrary code, further hijacking the machine's boot process and bypassing Secure Boot protection. Consequently, it is possible for unsigned binary code to be loaded, further jeopardizing the integrity of the system."
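The flaw described in the quote above comes down to copying a configuration token into a fixed-size buffer without first checking its length. The C example below is added here for illustration and is not GRUB2's code or code from the article; the buffer size, function names and status codes are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define TOKEN_BUF_SIZE 16   /* constructed size; the article gives no real value */

enum tok_status { TOK_OK = 0, TOK_END = 1, TOK_TOO_LONG = -1 };

/* Copy the next whitespace-delimited token from *cursor into out.
 * The token length is measured before any byte is written to out. */
enum tok_status next_token(const char **cursor, char out[TOKEN_BUF_SIZE])
{
    const char *p = *cursor;
    while (*p && isspace((unsigned char)*p))
        p++;
    if (*p == '\0') {
        *cursor = p;
        return TOK_END;
    }

    size_t len = 0;
    while (p[len] && !isspace((unsigned char)p[len]))
        len++;
    *cursor = p + len;

    /* The flawed pattern would copy len bytes here unconditionally.
     * Reject rather than truncate, so an oversized token is never
     * half-parsed. One byte is reserved for the terminator. */
    if (len >= TOKEN_BUF_SIZE)
        return TOK_TOO_LONG;

    memcpy(out, p, len);
    out[len] = '\0';
    return TOK_OK;
}

/* Tokenize one config line; returns the token count, or -1 if any
 * token does not fit the buffer (fail closed). */
int count_tokens(const char *line)
{
    char tok[TOKEN_BUF_SIZE];
    int n = 0;
    for (;;) {
        enum tok_status s = next_token(&line, tok);
        if (s == TOK_END) return n;
        if (s == TOK_TOO_LONG) return -1;
        n++;
    }
}
```

A parser that runs before the operating system should treat `-1` as a reason to stop processing the file rather than continue with a shortened token.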

Once in, attackers have "near total control" over a target machine: "Organizations should be monitoring their systems for threats and ransomware that use vulnerable bootloaders to infect or damage systems," according to the analysis.

"An attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access," according to Red Hat.

"Due to the risk of bricking systems or otherwise breaking operational or recovery workflows, these dbx updates will initially be made available for interested parties to manually apply to their systems rather than pushing the revocation entries and applying them automatically," the firm noted.


News URL

https://threatpost.com/billions-of-devices-impacted-secure-boot-bypass/157843/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2020-07-30 | CVE-2020-10713 | Classic Buffer Overflow vulnerability in multiple products. A flaw was found in grub2, prior to version 2.06. (local, low complexity; gnu, debian, opensuse, vmware; CWE-120) | 8.2