BootHole, discovered a vulnerability that affects billions of devices

Eclypsium, a company that specializes in enterprise security solutions, has disclosed a new vulnerability, called BootHole, which allows attackers to gain almost total control of Windows or Linux systems. The company claims that billions of devices are vulnerable: laptops, desktop PCs, servers and workstations, as well as other types of devices, such as specialized equipment in the industrial and healthcare sectors.

The attack exploits a vulnerability in the UEFI Secure Boot framework, which normally prevents unauthorized code from running on the system during boot. By compromising Secure Boot, attackers can then use modified UEFI bootloaders to gain full access to and control of the system. Fortunately, the attack requires high-level privileges to succeed (but not physical access), which means that it would be difficult for an external party to attack a system without a certain level of knowledge or without having already obtained credentials by other means.

However, once compromised, the system appears to function normally even though the malware has full access to the hardware and the operating system. Because the malicious code resides in the bootloader, it will persist even after the operating system is reinstalled. The vulnerability (CVE-2020-10713) was assigned a CVSS score of 8.2, reflecting that attackers could exploit it to gain almost complete access to a device.

UEFI Secure Boot is an industry standard that protects almost all servers and PCs from attacks during the system boot process, and every system that has Secure Boot is affected, even if the feature is not enabled. Secure Boot uses cryptographic signatures to verify any code that is executed during the boot process. GRUB2 (GRand Unified Bootloader) handles loading the system and handing control over to the operating system at startup, and if this process is compromised, attackers can gain full control of the system.

In basic terms, BootHole exploits a buffer overflow in the way GRUB2 processes its configuration file, a plain text file that is not protected by the signature checks that cover the bootloader binaries and other executables. This allows arbitrary code execution within GRUB2, which in turn lets the attacker load a malicious bootloader and gain access to the system.
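Since the article notes that every Secure Boot capable system is affected even when the feature is disabled, a defender's first step is to inventory each Linux host's Secure Boot state and installed GRUB2 version before applying vendor patches. The following script is an added example, not code from the article or from Eclypsium; it assumes a UEFI-booted Linux host with efivarfs mounted and reads the standard SecureBoot variable (the GUID is the EFI global variable namespace). It only reports the state and version; which versions are fixed comes from your vendor's advisory, not from this article.

```shell
#!/bin/sh
# Added example: report Secure Boot state and GRUB2 version for BootHole triage.
# Assumptions: Linux, UEFI boot, efivarfs mounted at /sys/firmware/efi/efivars.

SB_VAR=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c

# Decode an efivarfs SecureBoot blob: 4 bytes of variable attributes followed
# by a one-byte value (01 = enabled, 00 = disabled).
# Prints "enabled", "disabled" or "unknown" (missing or malformed file).
sb_state_from_file() {
    f="$1"
    [ -r "$f" ] || { echo unknown; return 0; }
    # Skip the 4 attribute bytes and take the 5th byte as two hex digits.
    v=$(od -An -tx1 -j4 -N1 "$f" | tr -d ' \n')
    case "$v" in
        01) echo enabled ;;
        00) echo disabled ;;
        *)  echo unknown ;;
    esac
}

# Pull the bare version number out of "grub-install --version" output,
# e.g. "grub-install (GRUB) 2.04-1ubuntu26" -> "2.04".
grub_version_from_string() {
    printf '%s\n' "$1" | sed -n 's/.*(GRUB) *\([0-9][0-9.]*\).*/\1/p'
}

# Run both checks on the live host and print a one-line report.
boothole_report() {
    sb=$(sb_state_from_file "$SB_VAR")
    gv=unknown
    if command -v grub-install >/dev/null 2>&1; then
        gv=$(grub_version_from_string "$(grub-install --version 2>/dev/null)")
    fi
    # A "disabled" result does not mean the host can skip the patch: the
    # article states affected systems are those that have Secure Boot at all.
    echo "secure_boot=$sb grub_version=${gv:-unknown}"
}

boothole_report
```

Feed the one-line report into your inventory so hosts can be sorted by Secure Boot state and GRUB2 version against the fixed versions your vendor lists.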

The announcement is part of a coordinated disclosure with operating system vendors, computer manufacturers and CERT, many of which, according to Eclypsium, are publishing their own advisories today. The vendors involved include Microsoft, Oracle, Red Hat, Canonical (Ubuntu), SuSE, Debian, Citrix, VMware and a range of other OEMs and software vendors.

The company expects that it will take time before this vulnerability is patched on all affected systems.
