A new vulnerability has been discovered in Secure Boot which places a large number of Windows machines at risk.
BootHole was discovered by security company Eclypsium. The flaw, in the GRUB2 bootloader used with Secure Boot, can result in “near-total control” of the victim’s system.
The vulnerability affects the boot process, and malicious code is executed before the OS is loaded, meaning OS-based security procedures are circumvented. The exploit can also modify the GRUB file to give persistent access to the device.
The flaw “extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority”, and fixing it would require “coordinated efforts from a variety of entities”, suggesting any fix will be slow to roll out.
At present, the company suggests that companies monitor UEFI bootloaders and firmware, verify UEFI configurations and test recovery capabilities.
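One way to approach the bootloader monitoring suggested above is to record hashes of the boot files on the EFI System Partition and report anything that later changes. The following is an added example, not code from Eclypsium or from the original article; it assumes the partition is mounted and readable at a path you supply, and that the files worth watching are `*.efi` binaries and `grub.cfg`.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: boot loaders are *.efi and the GRUB configuration is grub.cfg.
WATCHED_SUFFIXES = (".efi",)
WATCHED_NAMES = ("grub.cfg",)


def snapshot(esp_root):
    """Return {relative_path: sha256_hex} for boot loaders and GRUB configs."""
    root = Path(esp_root)
    result = {}
    for path in sorted(root.rglob("*")):
        name = path.name.lower()
        if path.is_file() and (name.endswith(WATCHED_SUFFIXES) or name in WATCHED_NAMES):
            result[path.relative_to(root).as_posix()] = hashlib.sha256(
                path.read_bytes()).hexdigest()
    return result


def compare(baseline, current):
    """Classify differences between a trusted baseline and the current state."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def demo():
    """Constructed sample: a fake ESP tree whose grub.cfg changes after baselining."""
    with tempfile.TemporaryDirectory() as esp:
        boot = Path(esp, "EFI", "BOOT")
        boot.mkdir(parents=True)
        (boot / "BOOTX64.EFI").write_bytes(b"constructed loader bytes")
        (boot / "grub.cfg").write_text("set timeout=5\n")
        (boot / "notes.txt").write_text("not watched\n")
        baseline = snapshot(esp)
        (boot / "grub.cfg").write_text("set timeout=5\n# constructed change\n")
        (boot / "extra.efi").write_bytes(b"constructed unexpected loader")
        return compare(baseline, snapshot(esp))


if __name__ == "__main__":
    print(demo())
```

The baseline is only as trustworthy as the moment it was taken, so it should be captured from a known-good system and stored off the monitored machine.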