July 30th 20, 03:42 PM
posted to alt.comp.os.windows-8,alt.comp.os.windows-10,alt.os.linux
|
|
|
BootHole Secure Boot Threat Found In Most Every Linux Distro,Windows 8 And 10
Andrei Z. wrote:
Arlen Holder wrote:
Dateline today, verbatim...
Â*Â* "Security researchers at Eclypsium discovered a vulnerability that
Â*Â*Â* affects the bootloader used by 'virtually every' Linux system,
Â*Â*Â* and almost every Windows device using Secure Boot with Microsoft's
Â*Â*Â* standard Unified Extensible Firmware Interface (UEFI) certificate
Â*Â*Â* authority."
o *BootHole Secure Boot Threat Found In Most Every Linux Distro,
Windows 8 And 10*
https://www.forbes.com/sites/daveywinder/2020/07/29/boothole-secure-boot-threat-confirmed-in-most-every-linux-distro-windows-8-and-10-microsoft-ubuntu-redhat-suse-debian-citrix-oracle-vmware/
Â*Â* "CVE-2020-10713, dubbed BootHole, has a high CVSS rating of 8.2
Â*Â*Â* and sits in the default GRand Unified Bootloader 2 (GRUB2)
Â*Â*Â* but affects systems running Secure Boot even if they are not
Â*Â*Â* using GRUB2.
Â*Â* If successfully exploited, BootHole opens up Windows and Linux devices
Â*Â* to arbitrary code execution during the boot process, even when Secure
Â*Â* Boot is enabled. Meaning an attacker could gain persistence for
Â*Â* stealthily installed malware and give them, "near-total control"
Â*Â* over the device, according to Eclypsium."
"multiple secure boot grub2 and linux kernel vulnerabilities" -
oss-security
https://www.openwall.com/lists/oss-s...y/2020/07/29/3
"Mitigating BootHole ..." - Ubuntu
https://ubuntu.com//blog/mitigating-...ulnerabilities
"There’s a Hole in the Boot" - Eclypsium
https://eclypsium.com/2020/07/29/the...e-in-the-boot/
|