Security researchers at Eclypsium have disclosed a serious vulnerability in the GRUB2 bootloader that attackers can use to gain near-total control of the boot process on Linux systems and to install “persistent and stealthy” bootkits or malicious bootloaders, even when Secure Boot is turned on and working properly.
Nicknamed BootHole, CVE-2020-10713 carries a CVSS rating of 8.2 and affects systems that use almost every signed version of GRUB2, which means virtually all Linux distributions are affected.
However, the problem is thought to be even broader than Linux alone: GRUB2 is also used by other operating systems, kernels and hypervisors such as Xen, and the problem extends to any Windows device that uses Secure Boot with the standard Microsoft third-party UEFI (Unified Extensible Firmware Interface) Certificate Authority. As a result, the majority of laptops, desktops, servers and workstations are potentially at risk.
Separate advisories and updates are expected to be released shortly by Microsoft, the UEFI Forum, Oracle, Red Hat, Canonical, SUSE, Debian, Citrix, VMware and a number of other OEMs and software vendors, Eclypsium said.
Because the boot process is a fundamental part of how computers work, being able to compromise it means attackers can control how the entire operating system is loaded and subvert any higher-level security controls.
The bug itself is a buffer overflow vulnerability in the way GRUB2 parses the contents of its configuration file. It allows arbitrary code execution within GRUB2 and, through it, control of the boot process. Exploiting it requires an attacker to already have elevated privileges, but it then lets them modify the contents of the configuration file so that attack code runs before the operating system loads, gaining persistence on the device regardless of whether Secure Boot is present or enabled.
Ultimately, an actor who manages to exploit the vulnerability could use it to carry out further malicious actions, including data exfiltration or installing malware or ransomware.
“Eclypsium has coordinated the responsible disclosure of this vulnerability with industry entities, including operating system vendors, PC manufacturers and CERTs,” the company said in a blog post on the disclosure.
“Mitigation will require new bootloaders to be signed and deployed, and vulnerable bootloaders should be revoked to prevent adversaries from using older, vulnerable versions in an attack,” it said. “This will likely be a long process and take considerable time for organizations to complete patching.”
There are several reasons for this, not least that UEFI updates have a significant history of bricking devices, so those affected will need to take care over how they proceed rather than rush updates out.
Eclypsium recommended that IT and security teams make sure they have the right capabilities to monitor UEFI bootloaders and firmware and to verify the UEFI configurations of their systems, and that they thoroughly test recovery capabilities as updates become available (including factory reset configurations).
In the meantime, it is also wise to monitor closely for threats that are known to use vulnerable bootloaders to infect targets.
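One way to act on the monitoring advice above, as an added example that is not from the article or from Eclypsium: a small POSIX shell script that reports the Secure Boot state from the EFI variable and keeps a SHA-256 baseline of the bootloader binaries and grub.cfg files on the EFI System Partition so that later changes stand out. The variable path, the ESP directory and the baseline file name are assumptions and are passed as arguments, so the functions can be exercised against any directory.

```shell
#!/bin/sh
# Added example, not the article's or Eclypsium's code. Paths are assumptions.

# Secure Boot state. The SecureBoot-* EFI variable is 4 bytes of attributes
# followed by 1 data byte (1 = enabled). Takes the variable file as $1 so it
# can be tested offline; on a real host pass
#   /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
sb_state() {
    [ -r "$1" ] || { echo "unknown"; return 0; }
    case "$(od -An -t u1 -j 4 -N 1 "$1" | tr -d ' ')" in
        1) echo "enabled" ;;
        0) echo "disabled" ;;
        *) echo "unknown" ;;
    esac
}

# Record the SHA-256 of every *.efi binary and grub.cfg under ESP directory $1
# into baseline file $2. Take the baseline on a known-good, freshly patched
# system, and retake it after every legitimate bootloader update.
boot_baseline() {
    ( cd "$1" && find . -type f \( -name '*.efi' -o -name 'grub.cfg' \) -print0 \
        | sort -z | xargs -0 sha256sum ) > "$2"
}

# Compare the current state of ESP directory $1 against baseline $2.
# Returns 0 if nothing changed, 1 (and prints the differences) if any
# bootloader or grub.cfg was modified, added or removed: investigate before
# the next reboot, since that is where a tampered grub.cfg would take effect.
boot_check() {
    tmp=$(mktemp)
    boot_baseline "$1" "$tmp"
    if cmp -s "$tmp" "$2"; then
        rm -f "$tmp"
        return 0
    fi
    diff "$2" "$tmp" || true
    rm -f "$tmp"
    return 1
}
```

Run `boot_baseline /boot/efi/EFI /var/lib/boot-baseline.txt` once as root, then schedule `boot_check` with the same arguments; a non-zero exit is the alert condition.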
A SUSE spokesperson commented: “We are aware of the Linux vulnerability called BootHole shared by Eclypsium, and our customers and partners can be assured that we have released fixed grub2 packages that close the BootHole vulnerability for all SUSE Linux products, and that we are releasing updates for Linux kernel packages, fixed cloud images and installation media.
“Given the need for physical access to the bootloader, the most likely exposure is when malicious users can access a machine, for example bad actors in classified computing scenarios or computers in public spaces operating in unattended kiosk mode. To ensure that sophisticated attackers cannot reinstall previous versions of GRUB2, software and hardware vendors are working together. SUSE Linux Enterprise delivers unprecedented reliability, stability and security to the enterprise, and we are committed to keeping our customers’ and partners’ systems up to date and ready for everyday business challenges.”
Joe McManus, Canonical’s director of security, added: “CVE-2020-10713 is an interesting vulnerability. Thanks to Eclypsium, we at Canonical, along with the rest of the open source community, have updated GRUB2 to protect against this vulnerability. During this process, we identified seven other vulnerabilities in GRUB2 that will also be fixed in the updates released today. The attack itself is not a remote exploit and requires the attacker to have root privileges. With this in mind, we do not see this being a popular vulnerability used in the wild. However, this effort truly illustrates the community spirit that makes open source software so secure.”