A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows 8 » Windows 8 Help Forum
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

BootHole Secure Boot Threat Found In Most Every Linux Distro, Windows 8 And 10



 
 
Thread Tools Rate Thread Display Modes
  #1  
Old July 30th 20, 06:44 AM posted to alt.comp.os.windows-8,alt.comp.os.windows-10,alt.os.linux
Arlen Holder[_9_]
external usenet poster
 
Posts: 416
Default BootHole Secure Boot Threat Found In Most Every Linux Distro, Windows 8 And 10

Dateline today, verbatim...
"Security researchers at Eclypsium discovered a vulnerability that
affects the bootloader used by 'virtually every' Linux system,
and almost every Windows device using Secure Boot with Microsoft's
standard Unified Extensible Firmware Interface (UEFI) certificate
authority."

o *BootHole Secure Boot Threat Found In Most Every Linux Distro, Windows 8 And 10*
https://www.forbes.com/sites/daveywinder/2020/07/29/boothole-secure-boot-threat-confirmed-in-most-every-linux-distro-windows-8-and-10-microsoft-ubuntu-redhat-suse-debian-citrix-oracle-vmware/

"CVE-2020-10713, dubbed BootHole, has a high CVSS rating of 8.2
and sits in the default GRand Unified Bootloader 2 (GRUB2)
but affects systems running Secure Boot even if they are not
using GRUB2.

If successfully exploited, BootHole opens up Windows and Linux devices
to arbitrary code execution during the boot process, even when Secure
Boot is enabled. Meaning an attacker could gain persistence for
stealthily installed malware and give them, "near-total control"
over the device, according to Eclypsium."
--
Together we can keep ourselves informed of the latest news on our OS.
Ads
  #2  
Old July 30th 20, 07:00 AM posted to alt.comp.os.windows-8,alt.comp.os.windows-10,alt.os.linux
Andrei Z.
external usenet poster
 
Posts: 6
Default BootHole Secure Boot Threat Found In Most Every Linux Distro,Windows 8 And 10

Arlen Holder wrote:
Dateline today, verbatim...
"Security researchers at Eclypsium discovered a vulnerability that
affects the bootloader used by 'virtually every' Linux system,
and almost every Windows device using Secure Boot with Microsoft's
standard Unified Extensible Firmware Interface (UEFI) certificate
authority."

o *BootHole Secure Boot Threat Found In Most Every Linux Distro, Windows 8 And 10*
https://www.forbes.com/sites/daveywinder/2020/07/29/boothole-secure-boot-threat-confirmed-in-most-every-linux-distro-windows-8-and-10-microsoft-ubuntu-redhat-suse-debian-citrix-oracle-vmware/

"CVE-2020-10713, dubbed BootHole, has a high CVSS rating of 8.2
and sits in the default GRand Unified Bootloader 2 (GRUB2)
but affects systems running Secure Boot even if they are not
using GRUB2.

If successfully exploited, BootHole opens up Windows and Linux devices
to arbitrary code execution during the boot process, even when Secure
Boot is enabled. Meaning an attacker could gain persistence for
stealthily installed malware and give them, "near-total control"
over the device, according to Eclypsium."


"multiple secure boot grub2 and linux kernel vulnerabilities" - oss-security
https://www.openwall.com/lists/oss-s...y/2020/07/29/3

"Mitigating BootHole ..." - Ubuntu
https://ubuntu.com//blog/mitigating-...ulnerabilities
  #3  
Old July 30th 20, 02:02 PM posted to alt.comp.os.windows-8,alt.comp.os.windows-10,alt.os.linux
Big Al[_5_]
external usenet poster
 
Posts: 1,588
Default BootHole Secure Boot Threat Found In Most Every Linux Distro,Windows 8 And 10

On 7/30/20 2:00 AM, this is what Andrei Z. wrote:
Arlen Holder wrote:
Dateline today, verbatim...
Â*Â* "Security researchers at Eclypsium discovered a vulnerability that
Â*Â*Â* affects the bootloader used by 'virtually every' Linux system,
Â*Â*Â* and almost every Windows device using Secure Boot with Microsoft's
Â*Â*Â* standard Unified Extensible Firmware Interface (UEFI) certificate
Â*Â*Â* authority."

o *BootHole Secure Boot Threat Found In Most Every Linux Distro, Windows 8 And 10*
https://www.forbes.com/sites/daveywinder/2020/07/29/boothole-secure-boot-threat-confirmed-in-most-every-linux-distro-windows-8-and-10-microsoft-ubuntu-redhat-suse-debian-citrix-oracle-vmware/


Â*Â* "CVE-2020-10713, dubbed BootHole, has a high CVSS rating of 8.2
Â*Â*Â* and sits in the default GRand Unified Bootloader 2 (GRUB2)
Â*Â*Â* but affects systems running Secure Boot even if they are not
Â*Â*Â* using GRUB2.

Â*Â* If successfully exploited, BootHole opens up Windows and Linux devices
Â*Â* to arbitrary code execution during the boot process, even when Secure
Â*Â* Boot is enabled. Meaning an attacker could gain persistence for
Â*Â* stealthily installed malware and give them, "near-total control"
Â*Â* over the device, according to Eclypsium."


"multiple secure boot grub2 and linux kernel vulnerabilities" - oss-security
https://www.openwall.com/lists/oss-s...y/2020/07/29/3

"Mitigating BootHole ..." - Ubuntu
https://ubuntu.com//blog/mitigating-...ulnerabilities

My Linux Mint had ~half dozen updates on 7/29 to grub2 and grub2 uefi etc files. Guess they pushed out some fixes.
  #4  
Old July 30th 20, 03:42 PM posted to alt.comp.os.windows-8,alt.comp.os.windows-10,alt.os.linux
Andrei Z.
external usenet poster
 
Posts: 6
Default BootHole Secure Boot Threat Found In Most Every Linux Distro,Windows 8 And 10

Andrei Z. wrote:
Arlen Holder wrote:
Dateline today, verbatim...
Â*Â* "Security researchers at Eclypsium discovered a vulnerability that
Â*Â*Â* affects the bootloader used by 'virtually every' Linux system,
Â*Â*Â* and almost every Windows device using Secure Boot with Microsoft's
Â*Â*Â* standard Unified Extensible Firmware Interface (UEFI) certificate
Â*Â*Â* authority."

o *BootHole Secure Boot Threat Found In Most Every Linux Distro,
Windows 8 And 10*
https://www.forbes.com/sites/daveywinder/2020/07/29/boothole-secure-boot-threat-confirmed-in-most-every-linux-distro-windows-8-and-10-microsoft-ubuntu-redhat-suse-debian-citrix-oracle-vmware/


Â*Â* "CVE-2020-10713, dubbed BootHole, has a high CVSS rating of 8.2
Â*Â*Â* and sits in the default GRand Unified Bootloader 2 (GRUB2)
Â*Â*Â* but affects systems running Secure Boot even if they are not
Â*Â*Â* using GRUB2.

Â*Â* If successfully exploited, BootHole opens up Windows and Linux devices
Â*Â* to arbitrary code execution during the boot process, even when Secure
Â*Â* Boot is enabled. Meaning an attacker could gain persistence for
Â*Â* stealthily installed malware and give them, "near-total control"
Â*Â* over the device, according to Eclypsium."


"multiple secure boot grub2 and linux kernel vulnerabilities" -
oss-security
https://www.openwall.com/lists/oss-s...y/2020/07/29/3

"Mitigating BootHole ..." - Ubuntu
https://ubuntu.com//blog/mitigating-...ulnerabilities

"There’s a Hole in the Boot" - Eclypsium
https://eclypsium.com/2020/07/29/the...e-in-the-boot/

  #5  
Old July 30th 20, 05:01 PM posted to alt.comp.os.windows-8,alt.comp.os.windows-10,alt.os.linux
killa-de-bug
external usenet poster
 
Posts: 2
Default BootHole Secure Boot Threat Found In Most Every Linux Distro,Windows 8 And 10

On Thu, 30 Jul 2020 17:42:52 +0300, Andrei Z. wrote:

Andrei Z. wrote:
Arlen Holder wrote:
Dateline today, verbatim...
Â*Â* "Security researchers at Eclypsium discovered a vulnerability
Â*Â* that
Â*Â*Â* affects the bootloader used by 'virtually every' Linux system,
Â*Â*Â* and almost every Windows device using Secure Boot with
Â*Â*Â* Microsoft's standard Unified Extensible Firmware Interface
Â*Â*Â* (UEFI) certificate authority."

o *BootHole Secure Boot Threat Found In Most Every Linux Distro,
Windows 8 And 10*
https://www.forbes.com/sites/daveywi...othole-secure-

boot-threat-confirmed-in-most-every-linux-distro-windows-8-and-10-
microsoft-ubuntu-redhat-suse-debian-citrix-oracle-vmware/


Â*Â* "CVE-2020-10713, dubbed BootHole, has a high CVSS rating of 8.2
Â*Â*Â* and sits in the default GRand Unified Bootloader 2 (GRUB2)
Â*Â*Â* but affects systems running Secure Boot even if they are not
Â*Â*Â* using GRUB2.

Â*Â* If successfully exploited, BootHole opens up Windows and Linux
Â*Â* devices to arbitrary code execution during the boot process, even
Â*Â* when Secure Boot is enabled. Meaning an attacker could gain
Â*Â* persistence for stealthily installed malware and give them,
Â*Â* "near-total control"
Â*Â* over the device, according to Eclypsium."


"multiple secure boot grub2 and linux kernel vulnerabilities" -
oss-security https://www.openwall.com/lists/oss-s...y/2020/07/29/3

"Mitigating BootHole ..." - Ubuntu
https://ubuntu.com//blog/mitigating-...e-in-the-boot-

cve-2020-10713-and-related-vulnerabilities

"There’s a Hole in the Boot" - Eclypsium
https://eclypsium.com/2020/07/29/the...e-in-the-boot/


My LMDE4 was patched for this yesterday....



--
Pull my Finger
  #6  
Old July 31st 20, 04:50 AM posted to alt.comp.os.windows-8,alt.comp.os.windows-10,alt.os.linux
Andrei Z.
external usenet poster
 
Posts: 6
Default BootHole Secure Boot Threat Found In Most Every Linux Distro,Windows 8 And 10

Andrei Z. wrote:
Andrei Z. wrote:
Arlen Holder wrote:
Dateline today, verbatim...
Â*Â* "Security researchers at Eclypsium discovered a vulnerability that
Â*Â*Â* affects the bootloader used by 'virtually every' Linux system,
Â*Â*Â* and almost every Windows device using Secure Boot with Microsoft's
Â*Â*Â* standard Unified Extensible Firmware Interface (UEFI) certificate
Â*Â*Â* authority."

o *BootHole Secure Boot Threat Found In Most Every Linux Distro,
Windows 8 And 10*
https://www.forbes.com/sites/daveywinder/2020/07/29/boothole-secure-boot-threat-confirmed-in-most-every-linux-distro-windows-8-and-10-microsoft-ubuntu-redhat-suse-debian-citrix-oracle-vmware/


Â*Â* "CVE-2020-10713, dubbed BootHole, has a high CVSS rating of 8.2
Â*Â*Â* and sits in the default GRand Unified Bootloader 2 (GRUB2)
Â*Â*Â* but affects systems running Secure Boot even if they are not
Â*Â*Â* using GRUB2.

Â*Â* If successfully exploited, BootHole opens up Windows and Linux
devices
Â*Â* to arbitrary code execution during the boot process, even when Secure
Â*Â* Boot is enabled. Meaning an attacker could gain persistence for
Â*Â* stealthily installed malware and give them, "near-total control"
Â*Â* over the device, according to Eclypsium."


"multiple secure boot grub2 and linux kernel vulnerabilities" -
oss-security
https://www.openwall.com/lists/oss-s...y/2020/07/29/3

"Mitigating BootHole ..." - Ubuntu
https://ubuntu.com//blog/mitigating-...ulnerabilities

"There’s a Hole in the Boot" - Eclypsium
https://eclypsium.com/2020/07/29/the...e-in-the-boot/


1861977 – RHSA-2020 3216 grub2 security update renders system unbootable
https://bugzilla.redhat.com/show_bug.cgi?id=1861977

1862045 – Grub or Shim dies since updating to grub2-2.02-0.86.el7_8 _
shim-x64-15-7.el7_8
https://bugzilla.redhat.com/show_bug.cgi?id=1862045

Bug #1889509 “grub boot error “symbol 'grub_calloc' not foundâ€
https://bugs.launchpad.net/ubuntu/+s...2/+bug/1889509
See Comment #6 about Debian 10

SecurityTeam_KnowledgeBase_GRUB2SecureBootBypass - Ubuntu Wiki
Recovery
https://wiki.ubuntu.com/SecurityTeam...ypass#Recovery
 




Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off






All times are GMT +1. The time now is 12:46 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.