Home United States USA — software New BootHole flaw in Secure Boot affects a huge number of Linux...

New BootHole flaw in Secure Boot affects a huge number of Linux and Windows systems

302
0
SHARE

A newly discovered flaw in Secure Boot affects almost all Linux distros and Windows devices that leverage the UEFI boot tech. If the flow is exploited, attackers can gain full control of the system.
A new vulnerability has been discovered in Secure Boot that affects most Linux distributions and Windows devices that use the UEFI specification during boot. The vulnerability, called BootHole, was found by an enterprise security research firm, Eclypsium (spotted by Tom’sHardware). The flaw is specifically present in the GRUB2 file in Secure Boot and can be used by attackers to attain “near-total control” of the victim’s system. The firm says that the problem “extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority”, therefore putting a huge number of Windows desktops, laptops, workstations, servers, and other special-purpose equipment that use the technology are affected.

Continue reading...