Recent Posts

Recent Comments

    Archives

    Categories

    Meta

    Blogroll

    Recent Posts

    Search

    Microsoft August Patch Tuesday fixes critical Secure Boot GRUB vulnerability

    August 13th, 2022 by

    KB5012170: Microsoft August Patch Tuesday fixes critical Secure Boot GRUB vulnerability

    “In this month’s Patch, the Redmond company also issued an important fix related to the Secure Boot DBX with its KB5012170 update.

    For those unaware, the Secure Boot Forbidden Signature Database or DBX is basically a block-list for blacklisted UEFI executables that were found to be bad. The latest KB5012170 update adds signatures of the known vulnerable UEFI modules to the DBX, meaning they will no longer be able to run after this update. The signatures this time are related to the GRand Unified Boot Loader (GRUB) vulnerability also called BootHole.

    The official Microsoft bulletin explains how the attack works:

    Microsoft is aware of a vulnerability in the GRand Unified Boot Loader (GRUB), commonly used by Linux. This vulnerability, known as “There’s a Hole in the Boot”, could allow for Secure Boot bypass.

    To exploit this vulnerability, an attacker would need to have administrative privileges or physical access on a system where Secure Boot is configured to trust the Microsoft Unified Extensible Firmware Interface (UEFI) Certificate Authority (CA). The attacker could install an affected GRUB and run arbitrary boot code on the target device. After successfully exploiting this vulnerability, the attacker could disable further code integrity checks thereby allowing arbitrary executables and drivers to be loaded onto the target device.”

    Posted in Newsletters, Patches, Updates | No Comments »



    Leave a Reply