Secure Boot-enabled Windows devices have a bootloader bug

by Don Sharpe

  • Right now, hackers could take control of your Windows 10 device and execute malware by exploiting a boot loading vulnerability.
  • The bug affects Linux systems using the GRUB2 bootloader and Windows systems with Secure Boot enabled.
Windows bootloader bug

Right now, hackers could take control of your Windows 10 device and execute malware by exploiting a boot loading vulnerability.

Eclypsium researchers published details of the bug, dubbed BootHole, which affects systems that utilize the GRUB2 bootloader.

However, Windows systems that don’t use GRUB2 aren’t safe from potential BootHole attacks either, even with Secure Boot enabled.

The BootHole bug affects Windows devices

The recently uncovered BootHole bug may enable attackers to install undetectable bootkits or malicious bootloaders on a Windows machine. Once a threat actor has installed such malware to tamper with the security of the boot process, they can take full control of the victim’s PC.

To make matters worse, we’re talking about attackers taking control of your machine, not just the OS.

Say your PC got attacked this way and your antimalware solution failed to fix the problem. You’d probably resort to uninstalling Windows and formatting your hard drive.

Sadly, the problem wouldn’t go away because reinstalling your OS wouldn’t fix the compromised firmware.

Here’s how Eclypsium describes the scope of the vulnerability:

The problem also extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority. Thus the majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment used in industrial, healthcare, financial and other industries.

The bug primarily affects Linux systems because of their reliance on the GRUB2 bootloader. And according to Eclypsium, a GRUB2 buffer overflow during the parsing of the grub.cfg file is the root of the vulnerability.

Also, on systems that have UEFI Secure Boot enabled, the bug lets the threat actor execute arbitrary code.
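Because Secure Boot verifies the signatures of bootloader binaries but not the plain-text grub.cfg that GRUB2 parses, a change to that file is invisible to the firmware. The script below is an added example (not from the article or from Eclypsium) of the kind of baseline-and-compare integrity check a defender can run over an EFI System Partition from a trusted environment; the directory layout, file names and contents are constructed for the demo.

```python
"""Baseline-and-compare integrity check for an EFI System Partition (ESP).
Added example; the ESP layout and file contents below are constructed."""
import hashlib
import os
import tempfile

def hash_tree(root: str) -> dict:
    """Return {relative_path: sha256_hex} for every regular file under root."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                hashes[rel] = hashlib.sha256(fh.read()).hexdigest()
    return hashes

def diff_baseline(baseline: dict, current: dict) -> dict:
    """Compare two hash maps; a modified, unsigned config file is the signal
    Secure Boot itself does not give you."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline
                      if p in current and baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}

def demo() -> dict:
    """Build a constructed ESP layout, baseline it, alter grub.cfg, re-check."""
    with tempfile.TemporaryDirectory() as esp:
        os.makedirs(os.path.join(esp, "EFI", "ubuntu"))
        files = {  # constructed stand-ins, not real binaries
            "EFI/ubuntu/shimx64.efi": b"<signed shim binary (constructed)>",
            "EFI/ubuntu/grubx64.efi": b"<signed GRUB2 binary (constructed)>",
            "EFI/ubuntu/grub.cfg": b"set timeout=5\nmenuentry 'Ubuntu' { linux /vmlinuz }\n",
        }
        for rel, data in files.items():
            with open(os.path.join(esp, rel), "wb") as fh:
                fh.write(data)
        baseline = hash_tree(esp)
        # Simulate an unsigned config change; signature checks on the
        # .efi binaries would still pass, only the baseline comparison notices.
        with open(os.path.join(esp, "EFI/ubuntu/grub.cfg"), "ab") as fh:
            fh.write(b"# unexpected edit (constructed)\n")
        return diff_baseline(baseline, hash_tree(esp))

if __name__ == "__main__":
    print(demo())  # expect only EFI/ubuntu/grub.cfg under "modified"
```

In practice the baseline would be stored off-host and the check run from boot media or a management channel, since an on-host check can be subverted by the very bootkit it looks for.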

In the meantime, be on the lookout for BootHole bug fixes from Microsoft or the UEFI Security Response Team. Other vendors and developers of impacted systems should be rolling out a patch any time now.

Would you like to share your views or ask any questions about the Windows BootHole bug? Kindly drop us a note in the comments box below.