Security News > 2020 > July > Bug in widely used bootloader opens Windows, Linux devices to persistent compromise
A vulnerability in the widely used GRUB2 bootloader opens most Linux and Windows systems in use today to persistent compromise, Eclypsium researchers have found.
The list of affected systems includes servers and workstations, laptops and desktops, and possibly a large number of Linux-based OT and IoT systems.
"The vulnerability affects systems using Secure Boot, even if they are not using GRUB2. Almost all signed versions of GRUB2 are vulnerable, meaning virtually every Linux distribution is affected," the researchers explained.
"GRUB2 supports other operating systems, kernels and hypervisors such as Xen. The problem also extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority. Thus the majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment used in industrial, healthcare, financial and other industries. This vulnerability makes these devices susceptible to attackers such as the threat actors recently discovered using malicious UEFI bootloaders."
"This will include: updates to GRUB2 to address the vulnerability; Linux distributions and other vendors using GRUB2 will need to update their installers, bootloaders, and shims; new shims will need to be signed by the Microsoft 3rd Party UEFI CA; administrators of affected devices will need to update installed versions of operating systems in the field as well as installer images, including disaster recovery media; and eventually the UEFI revocation list needs to be updated in the firmware of each affected system to prevent running this vulnerable code during boot."
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/-nGRY5E4V7o/