The ‘BootHole’ flaw puts Windows and Linux PCs at risk: what to do

UPDATED with reports of patches leaving systems unable to boot.

Anyone who has used Linux is probably familiar with the Grand Unified Bootloader, or GRUB, a ubiquitous program that runs right after you turn on a PC and lets you choose which installed operating system to start.

GRUB has been around for years, but a serious security flaw has been discovered in its latest version (GRUB2). The flaw, dubbed "BootHole", can let an attacker completely bypass the Secure Boot protections built into modern PCs and servers, permitting the installation of malware that is highly unlikely to be detected.

If you have a dual-boot machine set up to run either Windows or Linux, or even a machine that runs only Linux, you will want to update your Linux distribution as soon as you can. The same goes if you are one of the (probably few) Mac users who have installed GRUB.

The well-known Linux distributions Ubuntu, Debian, Red Hat and SUSE already have patches available. For its part, Microsoft is working on a fix for its Unified Extensible Firmware Interface (UEFI) that will be included in a later Windows update.

UPDATE: Or perhaps you should hold off on those GRUB updates. Several users of Debian- and Red Hat-based Linux distributions, including Ubuntu, Fedora and CentOS, report that applying the fix leaves their systems unable to boot. For now, it may be better to strictly limit physical access to your Linux systems and make sure remote access is locked down.

BootHole got a very cute logo from its discoverers at the security firm Eclypsium in Portland, Oregon, but fortunately the flaw is not easy to exploit.

First, the attacker would need administrative rights on a Windows or Linux PC, which in itself opens up many other avenues of attack. And despite the computer virus in the BootHole logo, it is unlikely that malware exploiting this flaw could spread from one machine to another.

But because BootHole affects a disk-level program that runs even before an operating system loads, a successful exploit can make changes so deep and fundamental that the best antivirus software or other tamper-detection methods would not be able to spot them.

We won't go into the details, except to say that exploiting BootHole involves modifying the GRUB configuration file to trigger a buffer overflow and install rootkit malware. This kind of hack is so old it deserves airplay on classic-rock stations, but it achieves precisely what Secure Boot was designed to prevent.

Most PCs set up to dual-boot Linux and Windows will have GRUB installed as the bootloader, as will many Linux-only machines. You can also configure GRUB to boot between different versions of Windows, but most people would simply run a second version of Windows in an emulator instead.

Macs can also use GRUB, but because it can be a bit tricky to use with Apple's unusual disk format, and because better methods are available, it is rarely used on dual-boot (or triple-boot) Macs.

It is also conceivable that an attacker with administrative rights on a PC could install GRUB on a machine that does not otherwise have it, without the primary user's knowledge, and then use GRUB to exploit the BootHole flaw. So whether GRUB is installed or not, a PC will technically remain vulnerable until Microsoft updates the UEFI.

If you are a bit of a Windows jockey, you can check whether your PC is vulnerable by running this text string in PowerShell with administrator privileges:

If it returns 'True', your PC is vulnerable. Update your Linux distribution if you have one installed on the machine. Otherwise, do not install Linux until Microsoft has updated the UEFI.
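As an added example that is not the article's own command: a PowerShell function that reports whether Secure Boot is on and whether the firmware's signature database (db) trusts the Microsoft third-party UEFI CA, the certificate chain under which shim and GRUB are signed, which is the condition under which the BootHole GRUB2 flaw matters for a machine's Secure Boot. It assumes an elevated PowerShell session on a UEFI PC with the built-in SecureBoot module; the CA name string is the standard Microsoft certificate name, not something taken from the article.

```powershell
# Added example, not the article's command. Assumes Windows with UEFI firmware,
# the built-in SecureBoot module, and a PowerShell session run as administrator.
function Test-BootHoleExposure {
    # Secure Boot state first: if it is off, there is no Secure Boot to bypass.
    try {
        $secureBootOn = Confirm-SecureBootUEFI
    } catch {
        # Thrown on legacy-BIOS machines or when not running elevated.
        return [pscustomobject]@{
            SecureBoot         = $null
            TrustsThirdPartyCA = $null
            Note               = "Could not query Secure Boot: $($_.Exception.Message)"
        }
    }

    # 'db' is the allow-list of certificates/hashes the firmware will boot.
    # Certificates are DER-encoded, and the subject CN is stored as plain ASCII,
    # so a substring match is enough to see whether the third-party CA is present.
    $db       = Get-SecureBootUEFI -Name db
    $dbText   = [System.Text.Encoding]::ASCII.GetString($db.Bytes)
    $trustsCA = $dbText -match 'Microsoft Corporation UEFI CA 2011'

    if (-not $secureBootOn) {
        $note = 'Secure Boot is disabled; BootHole does not change this machine''s boot security.'
    } elseif ($trustsCA) {
        $note = 'Firmware trusts Microsoft-signed shim/GRUB; apply distro GRUB updates and the Microsoft dbx update when available.'
    } else {
        $note = 'Third-party UEFI CA not in db; a stock Microsoft-signed shim/GRUB would not be accepted by this firmware.'
    }

    [pscustomobject]@{
        SecureBoot         = $secureBootOn
        TrustsThirdPartyCA = $trustsCA
        Note               = $note
    }
}

Test-BootHoleExposure | Format-List
```

A result of SecureBoot = True and TrustsThirdPartyCA = True corresponds to the "vulnerable" case the article describes: the firmware will happily run a signed shim and GRUB, so the revocation (dbx) update and the distribution's GRUB patch are what close the gap.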


Tom's Guide is part of Future US Inc., an international media group and leading digital publisher.
