Friday, March 29, 2024

BootHole Vulnerability Affects Millions of Windows and Linux Systems – Allows Attackers to Install Stealthy Malware

Security researchers uncovered a new vulnerability dubbed “BootHole” present in the GRUB2 bootloader utilized by Windows and Linux systems.

Attackers can exploit this vulnerability to install a stealthy malware that gives total control of the victim machine.

“The vulnerability affects systems using Secure Boot, even if they are not using GRUB2. Almost all signed versions of GRUB2 are vulnerable, meaning virtually every Linux distribution is affected,” Eclypisum said.

GRUB2 is the replacement of GRUB(Grand Unified Bootloader) Legacy boot loader, it functions to take over from BIOS at boot time, load itself, load the Linux kernel into memory, and then turn over execution to the kernel.

According to the detailed report shared with GBHackers On Security, the flaw affects a majority of laptops, desktops, servers, and workstations that are affected, as well as network appliances and other special-purpose equipment used in industrial, healthcare, financial, and other industries.

BootHole – Buffer Overflow Vulnerability

Researchers identified a buffer overflow vulnerability in the way that GRUB2 parses content from the GRUB2 config file(grub.cfg).

The config file also not signed, the vulnerability allows attackers to enable arbitrary code execution within GRUB2 and to gain control over the operating system.

It also allows an attacker to escalate privileges and persistence on the device, even with Secure Boot enabled.

The vulnerability can be tracked as CVE-2020-10713 and received a CVSS rating of 8.2. By exploiting the Boot Hole vulnerability attackers can install persistent and stealthy boot kits or malicious bootloaders that operate even when Secure Boot is enabled and functioning correctly.

“In addition to Linux systems, any system that uses Secure Boot with the standard Microsoft UEFI CA is vulnerable to this issue.”

Researchers believe that majority of modern systems in use today, including servers and workstations, laptops and desktops, and a large number of Linux-based OT and IoT systems are affected by the vulnerability.

Mitigations

Researchers said that full mitigation of this issue will require coordinated efforts of Microsoft, open-source projects, and owners of affected systems.

“However, the full deployment of this revocation process will likely be very slow. UEFI-related updates have had a history of making devices unusable, and vendors will need to be very cautious,” researchers said.

Following are the list of advisories released by the vendors;

Researchers recommended monitoring the contents of the bootloader partition (EFI system partition) and to continue installing OS updates as usual across desktops, laptops, servers, and appliances.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Website

Latest articles

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles