BootHole flaw Affects Linux and Windows systems
A new vulnerability has been discovered in Secure Boot that affects most Linux distributions and Windows devices that use the UEFI specification during boot. The vulnerability, called BootHole, was found by a security research firm, Eclypsium. The flaw lies in the GRUB2 bootloader that Secure Boot trusts, and it can be used by hackers to gain control of the victim's system.
The problem also affects any Windows system that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority. This puts a huge number of Windows desktops, laptops, workstations, servers, and other special-purpose equipment that use the technology at risk.
The vulnerability is critical because it affects the boot process: any malicious code that executes before the OS is loaded can bypass the security controls that the OS would otherwise enforce, which can result in the hacker gaining control of the system. Hackers can modify the GRUB configuration file, which is simply an unencrypted text file, and run malicious code before the operating system is loaded, giving them persistent access to the device.
Eclypsium stated that it “coordinated the responsible disclosure of this vulnerability with a variety of industry entities, including OS vendors, PC manufacturers, and CERTs”. The company will have a webinar on mitigating the vulnerability in August. Advisories and announcements from Microsoft, UEFI Security Response Team, Oracle, Canonical, and others are expected in the coming weeks.
Eclypsium thinks that mitigation of BootHole will require coordinated efforts from everyone involved, so expect deployment to be slow. For now, the recommendations for organizations include monitoring UEFI bootloaders and firmware, verifying UEFI configurations, testing recovery capabilities, and more. You can head here to read the entire announcement, which describes the vulnerability in detail.
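The two recommendations above that an administrator can act on today, monitoring the bootloader files on the EFI system partition and verifying the UEFI configuration, are illustrated by the following script. It is an added example written for this article and is not code from Eclypsium or from the GRUB project. It takes a SHA-256 baseline of the bootloader binaries and grub.cfg under an ESP directory and reports anything that was changed, added or removed, which is exactly the kind of edit to the unsigned GRUB configuration file described earlier. It also decodes the UEFI `SecureBoot` variable as Linux exposes it under efivarfs. The ESP layout, file names and file contents in the demo are constructed for the example; the efivar path and GUID are the standard ones on Linux.

```python
"""Baseline-and-verify check for bootloader files on the EFI system partition.

Added example (not from the article, Eclypsium, or GRUB): hashes the
bootloader artifacts Secure Boot relies on, compares them against a saved
baseline, and reads the firmware's SecureBoot state.
"""
import hashlib
import tempfile
from pathlib import Path

# File patterns worth baselining on a typical ESP: signed EFI binaries
# (shim, GRUB) and the unsigned grub.cfg that GRUB parses before the OS loads.
WATCHED_GLOBS = ("**/*.efi", "**/grub.cfg")

# Standard efivarfs path for the SecureBoot variable (EFI_GLOBAL_VARIABLE GUID).
SECURE_BOOT_EFIVAR = Path(
    "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
)


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large EFI binaries are cheap to hash."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(esp_root: Path) -> dict:
    """Map each watched file (path relative to the ESP) to its SHA-256."""
    result = {}
    for pattern in WATCHED_GLOBS:
        for path in esp_root.glob(pattern):
            if path.is_file():
                result[path.relative_to(esp_root).as_posix()] = hash_file(path)
    return result


def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots; any entry in 'modified' or 'added' deserves a look."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def secure_boot_enabled(raw: bytes) -> bool:
    """Decode an efivarfs SecureBoot read: 4 bytes of attributes, then 1 data byte."""
    return len(raw) >= 5 and raw[4] == 1


def read_secure_boot_state(efivar: Path = SECURE_BOOT_EFIVAR):
    """True/False if the variable exists (UEFI boot), None on BIOS/legacy systems."""
    if not efivar.exists():
        return None
    return secure_boot_enabled(efivar.read_bytes())


def demo() -> dict:
    """Build a constructed ESP, baseline it, tamper with grub.cfg, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        esp = Path(tmp)
        loader_dir = esp / "EFI" / "ubuntu"
        loader_dir.mkdir(parents=True)
        # Constructed stand-ins for a signed loader and its plain-text config.
        (loader_dir / "grubx64.efi").write_bytes(b"MZ constructed loader bytes")
        (loader_dir / "grub.cfg").write_text(
            "set timeout=5\nmenuentry 'Linux' { linux /vmlinuz }\n"
        )
        baseline = snapshot(esp)

        # Simulate what a defender wants to catch: the unsigned config is edited
        # and a new EFI binary appears on the partition.
        (loader_dir / "grub.cfg").write_text(
            "set timeout=5\nmenuentry 'Linux' { linux /vmlinuz }\nsource /extra.cfg\n"
        )
        (loader_dir / "bootx64.efi").write_bytes(b"MZ constructed second loader")
        return compare(baseline, snapshot(esp))


if __name__ == "__main__":
    print("SecureBoot state on this host:", read_secure_boot_state())
    print("Changes against baseline:", demo())
```

On a real system you would run `snapshot(Path("/boot/efi"))` once after patching, store the result somewhere the bootloader cannot reach, and re-run `compare` on a schedule; a `modified` grub.cfg or an unexpected `added` EFI binary is the signal to investigate. Note that a hash baseline detects change, it does not verify signatures, so it complements rather than replaces the Secure Boot signature check itself.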