November 24, 2020

Researchers reveal BootHole vulnerability in the GRUB2 bootloader; both Windows and Linux systems are affected


Researchers from security companies have revealed a high-risk vulnerability in the Secure Boot function. The vulnerability is currently named BootHole and has not yet been fixed.

The flaw lies in the GRUB2 file used by the Secure Boot function. By exploiting it, an attacker can bypass various security restrictions.

Once these restrictions are bypassed, the attacker can gain almost complete control of the system, whether it runs Linux or Windows.

For security reasons, vendors such as Microsoft build a variety of restrictions into the Secure Boot function, such as using certificates stored in UEFI to control what may run.

In theory, components can only run after they have been signed by Microsoft. For a long time, Microsoft and Intel have relied on this whitelist system to secure the boot chain.
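The whitelist described above is stored in UEFI authenticated variables as EFI_SIGNATURE_LIST structures. The following is an added example, not code from the article or from any vendor, that parses that format with bounds checks and tests whether a component's SHA-256 hash is present; the owner GUID and the component bytes are constructed placeholders.

```python
import hashlib
import struct
import uuid

# Signature type GUID for SHA-256 hash entries, as defined by the UEFI specification
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# EFI_SIGNATURE_LIST header: SignatureType GUID, then SignatureListSize,
# SignatureHeaderSize and SignatureSize as little-endian UINT32 fields
_LIST_HDR = struct.Struct("<16sIII")


def parse_signature_lists(blob):
    """Yield (type_guid, owner_guid, data) for each entry in a db/dbx-style blob.

    `blob` is the raw variable value (without the 4-byte efivarfs attribute prefix);
    every size field is checked so a malformed list cannot push reads out of bounds.
    """
    off = 0
    while off < len(blob):
        if len(blob) - off < _LIST_HDR.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        raw_type, list_size, hdr_size, sig_size = _LIST_HDR.unpack_from(blob, off)
        if list_size < _LIST_HDR.size + hdr_size or off + list_size > len(blob):
            raise ValueError("inconsistent SignatureListSize")
        if sig_size <= 16:
            raise ValueError("SignatureSize must exceed the 16-byte owner GUID")
        pos, end = off + _LIST_HDR.size + hdr_size, off + list_size
        if (end - pos) % sig_size:
            raise ValueError("signature entries do not evenly fill the list")
        sig_type = uuid.UUID(bytes_le=raw_type)
        while pos < end:  # each EFI_SIGNATURE_DATA is owner GUID + SignatureData
            yield sig_type, uuid.UUID(bytes_le=blob[pos:pos + 16]), bytes(blob[pos + 16:pos + sig_size])
            pos += sig_size
        off = end

def is_hash_allowlisted(db_blob, component):
    """True if SHA-256(component) appears as an EFI_CERT_SHA256 entry in db_blob."""
    digest = hashlib.sha256(component).digest()
    return any(t == EFI_CERT_SHA256_GUID and d == digest
               for t, _, d in parse_signature_lists(db_blob))

def build_sha256_list(owner, components):
    """Build one EFI_SIGNATURE_LIST of SHA-256 entries (used for constructed test data)."""
    entries = b"".join(owner.bytes_le + hashlib.sha256(c).digest() for c in components)
    hdr = _LIST_HDR.pack(EFI_CERT_SHA256_GUID.bytes_le, _LIST_HDR.size + len(entries), 0, 48)
    return hdr + entries

# Constructed sample allowlist: placeholder owner GUID and one hypothetical trusted image
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
SAMPLE_DB = build_sha256_list(OWNER, [b"trusted-bootloader-image"])
```

On a live Linux system the same parser can be pointed at the `db` or `dbx` variable under `/sys/firmware/efi/efivars/` after stripping the first four attribute bytes.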

However, the vulnerability allows unsigned code to be loaded before the operating system runs. If an attacker runs malicious code at this stage, they can control the computer. Notably, the attacker can also modify the GRUB2 file to achieve persistence.

The problem affects a large number of servers, workstations, industrial control equipment, laptops, desktops, and other devices running Windows or Linux.

Although the vulnerability is extremely harmful, it is not yet clear how to fix it quickly. The researchers notified industry vendors and organizations before disclosing it.

The industry will hold an online seminar on August 5 to discuss how to mitigate and fix the vulnerability; participants will include Microsoft, the UEFI team, Oracle, and Debian.

In theory, this vulnerability should be blocked at the software level, so strengthening defenses at the operating-system level should prevent attackers from infiltrating UEFI; the specific measures, however, must wait for the manufacturers' discussion and guidance.