BootHole Secure Boot Threat Found In Most Every Linux Distro, Windows 8 And 10
Dateline today, verbatim...
"Security researchers at Eclypsium discovered a vulnerability that affects the bootloader used by 'virtually every' Linux system, and almost every Windows device using Secure Boot with Microsoft's standard Unified Extensible Firmware Interface (UEFI) certificate authority." o *BootHole Secure Boot Threat Found In Most Every Linux Distro, Windows 8 And 10* https://www.forbes.com/sites/daveywinder/2020/07/29/boothole-secure-boot-threat-confirmed-in-most-every-linux-distro-windows-8-and-10-microsoft-ubuntu-redhat-suse-debian-citrix-oracle-vmware/ "CVE-2020-10713, dubbed BootHole, has a high CVSS rating of 8.2 and sits in the default GRand Unified Bootloader 2 (GRUB2) but affects systems running Secure Boot even if they are not using GRUB2. If successfully exploited, BootHole opens up Windows and Linux devices to arbitrary code execution during the boot process, even when Secure Boot is enabled. Meaning an attacker could gain persistence for stealthily installed malware and give them, "near-total control" over the device, according to Eclypsium." -- Together we can keep ourselves informed of the latest news on our OS. |
BootHole Secure Boot Threat Found In Most Every Linux Distro,Windows 8 And 10
Arlen Holder wrote:
Dateline today, verbatim... "Security researchers at Eclypsium discovered a vulnerability that affects the bootloader used by 'virtually every' Linux system, and almost every Windows device using Secure Boot with Microsoft's standard Unified Extensible Firmware Interface (UEFI) certificate authority." o *BootHole Secure Boot Threat Found In Most Every Linux Distro, Windows 8 And 10* https://www.forbes.com/sites/daveywinder/2020/07/29/boothole-secure-boot-threat-confirmed-in-most-every-linux-distro-windows-8-and-10-microsoft-ubuntu-redhat-suse-debian-citrix-oracle-vmware/ "CVE-2020-10713, dubbed BootHole, has a high CVSS rating of 8.2 and sits in the default GRand Unified Bootloader 2 (GRUB2) but affects systems running Secure Boot even if they are not using GRUB2. If successfully exploited, BootHole opens up Windows and Linux devices to arbitrary code execution during the boot process, even when Secure Boot is enabled. Meaning an attacker could gain persistence for stealthily installed malware and give them, "near-total control" over the device, according to Eclypsium." "multiple secure boot grub2 and linux kernel vulnerabilities" - oss-security https://www.openwall.com/lists/oss-s...y/2020/07/29/3 "Mitigating BootHole ..." - Ubuntu https://ubuntu.com//blog/mitigating-...ulnerabilities |
BootHole Secure Boot Threat Found In Most Every Linux Distro,Windows 8 And 10
On 7/30/20 2:00 AM, this is what Andrei Z. wrote:
Arlen Holder wrote: Dateline today, verbatim... Â*Â* "Security researchers at Eclypsium discovered a vulnerability that Â*Â*Â* affects the bootloader used by 'virtually every' Linux system, Â*Â*Â* and almost every Windows device using Secure Boot with Microsoft's Â*Â*Â* standard Unified Extensible Firmware Interface (UEFI) certificate Â*Â*Â* authority." o *BootHole Secure Boot Threat Found In Most Every Linux Distro, Windows 8 And 10* https://www.forbes.com/sites/daveywinder/2020/07/29/boothole-secure-boot-threat-confirmed-in-most-every-linux-distro-windows-8-and-10-microsoft-ubuntu-redhat-suse-debian-citrix-oracle-vmware/ Â*Â* "CVE-2020-10713, dubbed BootHole, has a high CVSS rating of 8.2 Â*Â*Â* and sits in the default GRand Unified Bootloader 2 (GRUB2) Â*Â*Â* but affects systems running Secure Boot even if they are not Â*Â*Â* using GRUB2. Â*Â* If successfully exploited, BootHole opens up Windows and Linux devices Â*Â* to arbitrary code execution during the boot process, even when Secure Â*Â* Boot is enabled. Meaning an attacker could gain persistence for Â*Â* stealthily installed malware and give them, "near-total control" Â*Â* over the device, according to Eclypsium." "multiple secure boot grub2 and linux kernel vulnerabilities" - oss-security https://www.openwall.com/lists/oss-s...y/2020/07/29/3 "Mitigating BootHole ..." - Ubuntu https://ubuntu.com//blog/mitigating-...ulnerabilities My Linux Mint had ~half dozen updates on 7/29 to grub2 and grub2 uefi etc files. Guess they pushed out some fixes. |
BootHole Secure Boot Threat Found In Most Every Linux Distro,Windows 8 And 10
Andrei Z. wrote:
Arlen Holder wrote: Dateline today, verbatim... Â*Â* "Security researchers at Eclypsium discovered a vulnerability that Â*Â*Â* affects the bootloader used by 'virtually every' Linux system, Â*Â*Â* and almost every Windows device using Secure Boot with Microsoft's Â*Â*Â* standard Unified Extensible Firmware Interface (UEFI) certificate Â*Â*Â* authority." o *BootHole Secure Boot Threat Found In Most Every Linux Distro, Windows 8 And 10* https://www.forbes.com/sites/daveywinder/2020/07/29/boothole-secure-boot-threat-confirmed-in-most-every-linux-distro-windows-8-and-10-microsoft-ubuntu-redhat-suse-debian-citrix-oracle-vmware/ Â*Â* "CVE-2020-10713, dubbed BootHole, has a high CVSS rating of 8.2 Â*Â*Â* and sits in the default GRand Unified Bootloader 2 (GRUB2) Â*Â*Â* but affects systems running Secure Boot even if they are not Â*Â*Â* using GRUB2. Â*Â* If successfully exploited, BootHole opens up Windows and Linux devices Â*Â* to arbitrary code execution during the boot process, even when Secure Â*Â* Boot is enabled. Meaning an attacker could gain persistence for Â*Â* stealthily installed malware and give them, "near-total control" Â*Â* over the device, according to Eclypsium." "multiple secure boot grub2 and linux kernel vulnerabilities" - oss-security https://www.openwall.com/lists/oss-s...y/2020/07/29/3 "Mitigating BootHole ..." - Ubuntu https://ubuntu.com//blog/mitigating-...ulnerabilities "There’s a Hole in the Boot" - Eclypsium https://eclypsium.com/2020/07/29/the...e-in-the-boot/ |
BootHole Secure Boot Threat Found In Most Every Linux Distro,Windows 8 And 10
On Thu, 30 Jul 2020 17:42:52 +0300, Andrei Z. wrote:
Andrei Z. wrote: Arlen Holder wrote: Dateline today, verbatim... Â*Â* "Security researchers at Eclypsium discovered a vulnerability Â*Â* that Â*Â*Â* affects the bootloader used by 'virtually every' Linux system, Â*Â*Â* and almost every Windows device using Secure Boot with Â*Â*Â* Microsoft's standard Unified Extensible Firmware Interface Â*Â*Â* (UEFI) certificate authority." o *BootHole Secure Boot Threat Found In Most Every Linux Distro, Windows 8 And 10* https://www.forbes.com/sites/daveywi...othole-secure- boot-threat-confirmed-in-most-every-linux-distro-windows-8-and-10- microsoft-ubuntu-redhat-suse-debian-citrix-oracle-vmware/ Â*Â* "CVE-2020-10713, dubbed BootHole, has a high CVSS rating of 8.2 Â*Â*Â* and sits in the default GRand Unified Bootloader 2 (GRUB2) Â*Â*Â* but affects systems running Secure Boot even if they are not Â*Â*Â* using GRUB2. Â*Â* If successfully exploited, BootHole opens up Windows and Linux Â*Â* devices to arbitrary code execution during the boot process, even Â*Â* when Secure Boot is enabled. Meaning an attacker could gain Â*Â* persistence for stealthily installed malware and give them, Â*Â* "near-total control" Â*Â* over the device, according to Eclypsium." "multiple secure boot grub2 and linux kernel vulnerabilities" - oss-security https://www.openwall.com/lists/oss-s...y/2020/07/29/3 "Mitigating BootHole ..." - Ubuntu https://ubuntu.com//blog/mitigating-...e-in-the-boot- cve-2020-10713-and-related-vulnerabilities "There’s a Hole in the Boot" - Eclypsium https://eclypsium.com/2020/07/29/the...e-in-the-boot/ My LMDE4 was patched for this yesterday.... -- Pull my Finger |
BootHole Secure Boot Threat Found In Most Every Linux Distro,Windows 8 And 10
Andrei Z. wrote:
Andrei Z. wrote: Arlen Holder wrote: Dateline today, verbatim... Â*Â* "Security researchers at Eclypsium discovered a vulnerability that Â*Â*Â* affects the bootloader used by 'virtually every' Linux system, Â*Â*Â* and almost every Windows device using Secure Boot with Microsoft's Â*Â*Â* standard Unified Extensible Firmware Interface (UEFI) certificate Â*Â*Â* authority." o *BootHole Secure Boot Threat Found In Most Every Linux Distro, Windows 8 And 10* https://www.forbes.com/sites/daveywinder/2020/07/29/boothole-secure-boot-threat-confirmed-in-most-every-linux-distro-windows-8-and-10-microsoft-ubuntu-redhat-suse-debian-citrix-oracle-vmware/ Â*Â* "CVE-2020-10713, dubbed BootHole, has a high CVSS rating of 8.2 Â*Â*Â* and sits in the default GRand Unified Bootloader 2 (GRUB2) Â*Â*Â* but affects systems running Secure Boot even if they are not Â*Â*Â* using GRUB2. Â*Â* If successfully exploited, BootHole opens up Windows and Linux devices Â*Â* to arbitrary code execution during the boot process, even when Secure Â*Â* Boot is enabled. Meaning an attacker could gain persistence for Â*Â* stealthily installed malware and give them, "near-total control" Â*Â* over the device, according to Eclypsium." "multiple secure boot grub2 and linux kernel vulnerabilities" - oss-security https://www.openwall.com/lists/oss-s...y/2020/07/29/3 "Mitigating BootHole ..." - Ubuntu https://ubuntu.com//blog/mitigating-...ulnerabilities "There’s a Hole in the Boot" - Eclypsium https://eclypsium.com/2020/07/29/the...e-in-the-boot/ 1861977 – RHSA-2020 3216 grub2 security update renders system unbootable https://bugzilla.redhat.com/show_bug.cgi?id=1861977 1862045 – Grub or Shim dies since updating to grub2-2.02-0.86.el7_8 _ shim-x64-15-7.el7_8 https://bugzilla.redhat.com/show_bug.cgi?id=1862045 Bug #1889509 “grub boot error “symbol 'grub_calloc' not found†https://bugs.launchpad.net/ubuntu/+s...2/+bug/1889509 See Comment #6 about Debian 10 SecurityTeam_KnowledgeBase_GRUB2SecureBootBypass - Ubuntu Wiki Recovery https://wiki.ubuntu.com/SecurityTeam...ypass#Recovery |
All times are GMT +1. The time now is 06:03 AM. |
Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright © 2004 - 2006 PCbanter
Comments are property of their posters