By Jack M. Germain

Jul 29, 2020 10:10 AM PT

If you are a Windows or Linux user, brace yourself for a long siege of vulnerability nightmares. The fix will be long and treacherous and could brick your computers.

Eclypsium researchers Wednesday released details of a set of newly discovered vulnerabilities dubbed “BootHole” that opens up billions of Windows and Linux devices to attacks.

This is a serious vulnerability with a Common Vulnerability Scoring System (CVSS) rating of 8.2. The highest assigned rating on this severity scale is 10.

The BootHole vulnerability in the GRUB2 bootloader opens up Windows and Linux devices using Secure Boot to attack. To mitigate the attack surface, all operating systems using GRUB2 with Secure Boot must release new installers and bootloaders, the researchers warned.

Attackers exploiting this vulnerability could gain near-total control of the compromised device. The majority of laptops, desktops, servers, and workstations are affected, as well as network appliances and other special-purpose equipment used in industrial, healthcare, financial, and other industries, according to the report.

Researchers warned that mitigating this vulnerability will require the specific vulnerable program to be signed and deployed. They also advised that vulnerable programs should be revoked to prevent adversaries from using older, vulnerable versions in an attack.

Plugging this vulnerability hole will likely be a long process. It will take considerable time for IT departments within organizations to complete patching, the researchers said.

Eclypsium has coordinated the responsible disclosure of this vulnerability with a wide variety of industry entities, including OS vendors, computer manufacturers, and the Computer Emergency Response Team (CERT). A number of these organizations are listed in the report and were part of Wednesday’s coordinated disclosure.

“This is probably the most widespread and severe vulnerability that we have found at Eclypsium. Many of the issues we found in the past were specific to a given vendor or model, whereas this issue is pervasive. This vulnerability in Secure Boot affects the default configuration of most systems deployed in the past decade,” Jesse Michael, principal researcher for Eclypsium, told TechNewsWorld.

The GRUB2 vulnerability was assigned CVE-2020-10713.

Finding and Patching Holes in the Boot

The Eclypsium researchers stumbled on the trail of BootHole vulnerabilities somewhat by accident while doing some routinely proactive exploring, according to Michael.

“We were exploring any weak links in the whole secure boot infrastructure. Since we had previously seen a similar issue with Secure Boot and the Kaspersky boot loader, we thought we should take a deeper look at that area. We did some fuzzing on GRUB2, which is widely used by most Linux distributions, and found a vulnerability that turned out to be much larger than we expected,” he said.

Fuzzing, or fuzz testing, is an automated software testing technique to find hackable software bugs. Testers randomly provide different permutations of data into a target program until one of those permutations reveals a vulnerability.

Researchers have yet to see bad guys exploiting this specific vulnerability in the wild, he noted. But threat actors have been using malicious Unified Extensible Firmware Interface (UEFI) bootloaders.

“This sort of attack has been used by malware, including wipers and ransomware, for a long time, and Secure Boot was designed to protect against this technique. The BootHole vulnerability makes most devices susceptible even when Secure Boot is enabled. Previous threat actors used malware tampering with legacy OS bootloaders including APT41 Rockboot, LockBit, FIN1 Nemesis, MBR-ONI, Petya/NotPetya, and Rovnix,” Michael noted.

What BootHole Does

Attackers can leverage the GRUB2 bootloader that most Linux systems and Windows computers use to gain arbitrary code execution during the boot process. This can happen even when Secure Boot is enabled. Attackers exploiting this vulnerability can install persistent and stealthy bootkits or malicious bootloaders that could give them near-total control over the victim device, according to Eclypsium’s report.

What makes this BootHole vulnerability even more threatening is its ability to affect systems using Secure Boot, even if they are not using GRUB2. Almost all signed versions of GRUB2 are vulnerable. This means that nearly every Linux distribution is affected. In addition, GRUB2 supports other operating systems, kernels, and hypervisors such as Xen.

This problem also extends to any Windows device that uses Secure Boot with the standard Microsoft Third-Party UEFI Certificate Authority. Thus, BootHole affects the majority of laptops, desktops, servers, and workstations. The vulnerability also threatens network appliances and other special purpose equipment used in industrial, healthcare, financial, and other industries. This vulnerability makes these devices susceptible to attackers such as the threat actors recently discovered using malicious UEFI bootloaders, noted researchers at Eclypsium.

If the Secure Boot process is compromised, attackers can control how the operating system is loaded and subvert all higher-layer security controls. Recent research identified ransomware in the wild using malicious EFI bootloaders as a way to take control of machines at the time of boot. Previously threat actors used malware tampering with legacy OS bootloaders including APT41 Rockboot, LockBit, FIN1 Nemesis, MBR-ONI, Petya/NotPetya, and Rovnix, noted the report.

Circular Firing Squad

Attackers can also use a vulnerable bootloader against the system, the report writers added. For example, if BootHole finds a valid bootloader with a vulnerability, it can replace a piece of malware in the device’s existing bootloader with the vulnerable version.

The bootloader would be allowed by Secure Boot and give the malware complete control over the system and the operating system itself. Mitigating this requires very active management of the dbx database used to identify malicious or vulnerable code.

Secure Boot process problems from Eclypsium BootHole report

The Secure Boot process has potential problems with many pieces of code. A vulnerability in any one of them presents a single point of failure that could allow an attacker to bypass Secure Boot, according to Eclypsium’s BootHole report.

Additionally, trying to fix the vulnerabilities that BootHole seeks can be potentially deadly to the hardware and software. Updates and fixes to the Secure Boot process can be particularly complex. The complexity poses the additional risk of inadvertently breaking machines.

The boot process by nature involves a variety of players and components, including device OEMs, operating system vendors, and administrators. Because the boot process is so fundamental, any problem along the way poses a high risk of rendering a device unusable. As a result, updates to Secure Boot are typically slow and require extensive industry testing.

Buffer Contributor

The BootHole vulnerability is a buffer overflow that occurs in GRUB2 when parsing the grub configuration file, according to Eclypsium’s researchers. The GRUB2 configuration file (grub.cfg) is merely a text file. It is typically not signed like other files and executable code.

This vulnerability enables arbitrary code execution within GRUB2 and ultimately control over the booting of the operating system. As a result, an attacker could modify the contents of the GRUB2 configuration file to ensure that attack code is run before the operating system is loaded. In this way, attackers gain persistence on the device, according to the report.

To pull off such an intrusion, the attacker would need elevated privileges. But it would provide the attacker with a powerful additional escalation of privilege and persistence on the device. This would occur with or without Secure Boot enabled and properly performing signature verification on all loaded executables.

Challenging Mitigation Effort

Eclypsium warned that plugging BootHole will require the release of new installers and bootloaders for all versions of Linux and potentially Windows. Vendors will have to release new versions of their bootloader shims signed by the Microsoft Third-Party UEFI CA.

Until all affected versions are added to the dbx revocation list, an attacker would be able to use a vulnerable version of shim and GRUB2 to attack the system. This means that every device that trusts the Microsoft Third-Party UEFI CA will be vulnerable for that period of time.

Secure Boot Keys

The Unified Extensible Firmware Interface (UEFI) Forum originally developed Secure Boot as a way to protect the boot process from these types of attacks.

This configuration file is an external file commonly located in the EFI System Partition and can therefore be modified by an attacker with administrator privileges without altering the integrity of the signed vendor shim and GRUB2 bootloader executables.

The buffer overflow allows the attacker to gain arbitrary code execution within the UEFI execution environment, which could be used to run malware, alter the boot process, directly patch the OS kernel, or execute any number of other malicious actions.

This vulnerability is not architecture specific. It is in a common code path and was also confirmed using a signed ARM64 version of GRUB2.

In response to the Eclypsium report, Canonical’s security team found additional vulnerabilities related to the GRUB2 code, the report noted. That will further affect the mitigation path.

“Those vulnerabilities discovered by the Canonical security team were all of medium severity. There were also dozens of further vulnerabilities identified by other organizations that do not yet have individual CVEs assigned,” said Michael.

What’s Needed to Fix

Full mitigation will require coordinated efforts from affected open-source projects, Microsoft, and the owners of affected systems, among others. The list of tasks to fix BootHole, according to the report, will include:

  • Updates to GRUB2 to address the vulnerability.
  • Linux distributions and other vendors using GRUB2 will need to update their installers, bootloaders, and shims.
  • New shims will need to be signed by the Microsoft 3rd Party UEFI CA.
  • Administrators of affected devices will need to update installed versions of operating systems in the field as well as installer images, including disaster recovery media.
  • Eventually the UEFI revocation list (dbx) needs to be updated in the firmware of each affected system to prevent running this vulnerable code during boot.

More Bugaboos Possible

Full deployment of this revocation process to enterprises will likely be very slow, researchers suggested. UEFI-related updates have a history of making devices unusable. So, vendors will need to be very cautious to prevent the fix from turning computers into bricks.

For example, if the revocation list (dbx) is updated on a system whose bootloader has yet to be updated, the system will not load. So vendors will have to apply revocation list updates over time to prevent breaking systems that have yet to be updated.

Also, cases exist where updating the dbx can be difficult. The edge conditions involve computers with dual-boot or deprovisioned setups.

Other circumstances can further complicate matters. For instance, enterprise disaster recovery processes can run into issues where approved recovery media no longer boots on a system if dbx updates have been applied.

Another situation is when a device swap is needed due to failing hardware. New systems of the same model may have already had dbx updates applied and will fail when attempting to boot previously-installed operating systems. So before dbx updates are pushed out to enterprise fleet systems, recovery and installation media must be updated and verified as well.
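The ordering problem described above can be checked before a dbx update is pushed. The following is an added example, not code from Eclypsium or any vendor: it parses dbx contents in the UEFI `EFI_SIGNATURE_LIST` layout and reports which bootloaders in use would stop booting. It assumes the input is raw signature-list data with any authentication header or efivarfs attribute prefix already stripped, and that the Authenticode SHA-256 digest of each image was computed separately; the image names, owner GUID and digests are constructed sample values.

```python
import hashlib
import struct
import uuid

# EFI_CERT_SHA256_GUID (UEFI specification): each entry carries a 32-byte SHA-256 digest.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# EFI_SIGNATURE_LIST header: SignatureType, SignatureListSize, SignatureHeaderSize, SignatureSize.
LIST_HEADER = struct.Struct("<16sIII")
OWNER_SIZE = 16  # each entry starts with a SignatureOwner GUID


def parse_signature_lists(blob):
    """Yield (type_guid, owner_guid, data) for each entry in concatenated EFI_SIGNATURE_LISTs."""
    offset = 0
    while offset < len(blob):
        if len(blob) - offset < LIST_HEADER.size:
            raise ValueError(f"truncated list header at offset {offset}")
        raw_type, list_size, header_size, sig_size = LIST_HEADER.unpack_from(blob, offset)
        body = offset + LIST_HEADER.size + header_size
        end = offset + list_size
        if body > end or end > len(blob) or sig_size <= OWNER_SIZE:
            raise ValueError(f"malformed list at offset {offset}")
        if (end - body) % sig_size:
            raise ValueError(f"entries do not fill the list at offset {offset}")
        sig_type = uuid.UUID(bytes_le=raw_type)
        for pos in range(body, end, sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + OWNER_SIZE])
            yield sig_type, owner, blob[pos + OWNER_SIZE:pos + sig_size]
        offset = end


def revoked_sha256(blob):
    """Collect the SHA-256 image digests a dbx revokes (certificate entries are not evaluated)."""
    return {data for sig_type, _owner, data in parse_signature_lists(blob)
            if sig_type == EFI_CERT_SHA256_GUID and len(data) == 32}


def preflight(dbx_blob, images):
    """images maps a label to an Authenticode SHA-256 digest; return labels the dbx would block."""
    revoked = revoked_sha256(dbx_blob)
    return sorted(name for name, digest in images.items() if digest in revoked)


def build_sha256_list(owner, digests):
    """Build one EFI_SIGNATURE_LIST of SHA-256 entries (only used to construct sample data)."""
    body = b"".join(owner.bytes_le + d for d in digests)
    header = LIST_HEADER.pack(EFI_CERT_SHA256_GUID.bytes_le,
                              LIST_HEADER.size + len(body), 0, OWNER_SIZE + 32)
    return header + body


# Constructed sample data: stand-in digests, not real shim or GRUB2 hashes.
OWNER = uuid.UUID("00000000-0000-0000-0000-000000000001")
OLD = hashlib.sha256(b"constructed: old shim").digest()
OLD_RECOVERY = hashlib.sha256(b"constructed: old recovery shim").digest()
NEW = hashlib.sha256(b"constructed: updated shim").digest()
SAMPLE_DBX = build_sha256_list(OWNER, [OLD, OLD_RECOVERY])
FLEET = {
    "laptop ESP shimx64.efi": NEW,
    "recovery USB shimx64.efi": OLD_RECOVERY,
    "dual-boot distro shimx64.efi": OLD,
}

if __name__ == "__main__":
    for name in preflight(SAMPLE_DBX, FLEET):
        print("would fail to boot after dbx update:", name)
```

Any label this reports is media or an installation to update and verify before the revocation reaches that machine.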

Few Workarounds

With the report’s dire warnings about boot fixes bricking hardware, few potential workarounds exist to prevent the cure being worse than the attack results. Michael expects attacks will occur that take advantage of this, if they haven’t already.

“If left without action or mitigation, this will leave a gaping hole on all affected systems,” he said. “There could be unexpected consequences to the cure as well.”

Revocation updates are not common, and this is going to be the largest revocation ever done. Bugs in this rarely used part of firmware could cause systems to behave unexpectedly after the update. In order to avoid such issues, the revocation will not happen automatically.

“This forces security teams to carefully manage this issue using manual intervention,” cautioned Michael.

Workarounds may need to be tweaked by various vendors to be effective for their products. Bootloader vulnerabilities have been found in the past that vendors successfully patched, according to Charles King, principal analyst at Pund-IT.

For example, one was revealed in March that affected LG phones, and in June the company announced that it had issued a patch for phones going back seven years.

What’s Worse: Meltdown and Spectre or BootHole?

The Meltdown and Spectre vulnerabilities of 2019 impacted confidentiality. They allow an attacker to steal secrets.

This vulnerability impacts integrity and availability, as well as confidentiality. Therefore, BootHole has the potential for much broader damage, according to Michael.

Using the industry-standard CVSS severity score, Meltdown and Spectre were classified as Medium severity vulnerabilities, and BootHole is rated as a High severity vulnerability, he said.

While the BootHole vulnerability occurs in software (system firmware), Meltdown and Spectre exploited hardware flaws that were baked into many CPUs. A major challenge with Meltdown and Spectre has been that fixes often significantly impact CPU performance, noted King.

“It seems unlikely that BootHole fixes will similarly impact system or device performance,” he told TechNewsWorld.

Which vulnerability is more dangerous is relative. Just because a vulnerability exists does not mean that people will find a way to effectively exploit it. Though Meltdown and Spectre attracted a great deal of attention when they were revealed several years ago, he has not seen any reports of successful exploits, King said.

What to Do

Most users will want to deploy the updates that vendors are coming out with beginning on July 29, Michael suggested. In addition to the automatic updates released by OS vendors, manual action will be needed to revoke the old, vulnerable versions of grub.

“Until this is done, systems will remain vulnerable,” he warned.

Enterprise security teams should also consider threat hunting or monitoring activities that look at the bootloaders present on operational systems, suggested Michael. This should reveal which systems have suspicious-looking bootloaders and grub configuration files.

“Considering the complexity of deploying these updates to an enterprise, such monitoring may be an important workaround to buy time while updates are tested and deployed,” Michael concluded.
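One way to implement the monitoring suggested above, as an added example that is not from the Eclypsium report: record a SHA-256 baseline of every bootloader (`*.efi`) and `grub.cfg` on the EFI System Partition, then report files that were added, removed or modified. The directory layout and file contents in the demo are constructed, and the ESP mount point is left to the caller.

```python
import hashlib
import os
import tempfile


def inventory(esp_root):
    """Return {relative path: sha256 hex} for bootloaders and GRUB2 config files under esp_root."""
    found = {}
    for dirpath, _dirs, files in os.walk(esp_root):
        for name in files:
            lower = name.lower()
            if lower.endswith(".efi") or lower == "grub.cfg":
                full = os.path.join(dirpath, name)
                # The ESP is FAT, which is case-insensitive, so normalise the key.
                rel = os.path.relpath(full, esp_root).replace(os.sep, "/").lower()
                with open(full, "rb") as handle:
                    found[rel] = hashlib.sha256(handle.read()).hexdigest()
    return found


def compare(baseline, current):
    """Return sorted (change, path) findings between a stored baseline and a fresh inventory."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            findings.append(("added", path))
        elif path not in current:
            findings.append(("removed", path))
        elif baseline[path] != current[path]:
            findings.append(("modified", path))
    return findings


def write(root, rel, data):
    """Create a file under root (helper for the constructed demo only)."""
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as handle:
        handle.write(data)


def demo_drift():
    """Build a constructed ESP tree, take a baseline, change it, and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "EFI/distro/shimx64.efi", b"constructed shim image")
        write(root, "EFI/distro/grubx64.efi", b"constructed grub image")
        write(root, "EFI/distro/grub.cfg", b"set timeout=5\n")
        baseline = inventory(root)
        # grub.cfg is unsigned text, so only a hash comparison reveals that it changed.
        write(root, "EFI/distro/grub.cfg", b"set timeout=5\n# constructed unexpected change\n")
        write(root, "EFI/BOOT/extra.efi", b"constructed unexpected bootloader")
        return compare(baseline, inventory(root))


if __name__ == "__main__":
    for change, path in demo_drift():
        print(change, path)
```

Approved OS and bootloader updates also change these files, so the baseline has to be refreshed as part of each approved change.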

The Eclypsium report is available here.

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics.
