Firmware security company Eclypsium disclosed on Wednesday that a critical GRUB2 bootloader vulnerability, which can be exploited to install stealthy malware, has impacted billions of Windows and Linux devices.

Tracked as CVE-2020-10713 and termed BootHole, the flaw has a CVSS score of 8.2, with Eclypsium saying that it impacts all operating systems that use GRUB2 with Secure Boot. As per the company, the vulnerability impacts machines that use Secure Boot even if they’re not using GRUB2.

In its report, Eclypsium explained: “Almost all signed versions of GRUB2 are vulnerable, meaning virtually every Linux distribution is affected. In addition, GRUB2 supports other operating systems, kernels and hypervisors such as Xen. The problem also extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority.”

Eclypsium says that a majority of laptop, desktop, workstation and server devices are affected by the flaw, adding that cybercriminals could abuse the vulnerability to install bootkits or malicious bootloaders.

The company’s researchers observed that exploiting the flaw needs administrator privileges on the targeted device, but effective manipulation allows the hacker to gain even higher privileges and attain persistence.

BootHole has been labelled as a buffer overflow fault related to how GRUB2 analyzes its grub.cfg configuration file. A hacker can adjust this file to guarantee that their malicious code is performed in the UEFI execution environment, before the operating system is loaded.

After the company’s detection of the BootHole flaw, the Canonical security team also examined GRUB2 and recognized numerous other security holes, all of which have been categorized as medium severity.

Eclypsium has synchronized the revelation of the fault with Microsoft, Linux distributions, the UEFI Security Response Team, OEMs, CERTs, VMware, Oracle and other affected software sellers.

“Mitigation will require new bootloaders to be signed and deployed, and vulnerable bootloaders should be revoked to prevent adversaries from using older, vulnerable versions in an attack. This will likely be a long process and take considerable time for organizations to complete patching,” the company clarified.

 

Related articles

3 Separate 0-Day Windows Exploits Dropped in 24 Hours
Vulnerability Alerts

3 Separate 0-Day Windows Exploits Dropped in 24 Hours

By CertX
WinRAR and Drupal Vulnerabilities Under Functional Exploitation
Vulnerability Alerts

WinRAR and Drupal Vulnerabilities Under Functional Exploitation

By CertX
High-severity Vulnerability in vBulletin Is being Vigorously Exploited
Vulnerability Alerts

High-severity Vulnerability in vBulletin Is being Vigorously Exploited

By CertX
Vulnerability Alerts

Google Reveals Microsoft Unpatched Edge Vulnerability

By CertX
Apple, Microsoft, and Adobe Security Updates Fix Numerous Issues
Vulnerability Alerts

Apple, Microsoft, and Adobe Security Updates Fix Numerous Issues

By CertX

Leave a Reply

Your email address will not be published. Required fields are marked *