Windows and Linux PCs that implement the UEFI specification are at risk from a vulnerability that occurs in Secure Boot during system boot. Known as BootHole, the flaw was disclosed by security company Eclypsium (via Tom's Hardware) and is located in the GRUB2 files in Secure Boot.
By leveraging this vulnerability, bad actors could get wide control over a target system. According to Eclypsium, the flaw “extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority.”
In other words, many Windows-related systems are affected, including hardware and servers.
If you're unfamiliar with Secure Boot, it is a PC industry standard used to secure system boots. It ensures a system boots only with software that is trusted by the OEM. Whenever a system using Secure Boot is started, the firmware checks the signatures of boot software, including UEFI drivers. If these are valid, the system is allowed to boot.
Eclypsium points out BootHole is critical because it occurs at boot level. This would mean any nefarious content loaded could be executed before the system's security tools are put to use. It would also allow attackers to gain near-total control of the system.
The firm “coordinated the responsible disclosure of this vulnerability with a variety of industry entities, including OS vendors, PC manufacturers, and CERTs”.
On August 5, Eclypsium will host a webinar to discuss ways to prevent the flaw. In the meantime, the company says it wants companies affected by the problem to make announcements. Those include Microsoft, Oracle, Debian, and the UEFI Security Response Team (USRT).
Furthermore, the security company thinks only affected entities working together will mitigate the BootHole vulnerability.
It's worth reading Eclypsium's entire report, which includes all the technical details behind this vulnerability.