1548605883 Bugbash Story Esm W900

A dangerous new vulnerability has been discovered in Secure Boot that affects a huge number of Linux and Windows systems that use the UEFI specification during boot.

 

The vulnerability, called BootHole, was found by an enterprise security research firm, Eclypsium (spotted by Tom’sHardware). The flaw is specifically present in the GRUB2 file in Secure Boot and can be used by attackers to attain “near-total control” of the victim’s system.

The firm says that the problem “extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority”, therefore putting a huge number of Windows desktops, laptops, workstations, servers, and other special-purpose equipment that use the technology are affected.