New BootHole flaw in Secure Boot affects a huge number of Linux and Windows systems

    Date 30 Jul 2020
    607
    Posted By Brittany Day
    1548605883 Bugbash Story

    A dangerous new vulnerability has been discovered in Secure Boot that affects a huge number of Linux and Windows systems that use the UEFI specification during boot.

     

    The vulnerability, called BootHole, was found by an enterprise security research firm, Eclypsium (spotted by Tom’sHardware). The flaw is specifically present in the GRUB2 file in Secure Boot and can be used by attackers to attain “near-total control” of the victim’s system.

    The firm says that the problem “extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority”, therefore putting a huge number of Windows desktops, laptops, workstations, servers, and other special-purpose equipment that use the technology are affected.

    LinuxSecurity Poll

    If you are using full-disk encryption: are you concerned about the resulting performance hit?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/34-if-you-are-using-full-disk-encryption-are-you-concerned-about-the-resulting-performance-hit?task=poll.vote&format=json
    34
    radio
    [{"id":"120","title":"Yes","votes":"14","type":"x","order":"1","pct":60.87,"resources":[]},{"id":"121","title":"No ","votes":"9","type":"x","order":"2","pct":39.13,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.