Secure Boot-enabled Windows devices have a bootloader bug
Published on July 30, 2020
Key notes
Right now, hackers could take control of your Windows 10 device and execute malware by exploiting a boot loading vulnerability.
Eclypsium researchers published details of the bug, dubbed BootHole, which affects systems that utilize the GRUB2 bootloader.
However, Windows systems that don’t use GRUB2 aren’t safe from potential BootHole attacks either, even with Secure Boot enabled.
The BootHole bug affects Windows devices
The recently uncovered BootHole bug may enable attackers to install undetectable bootkits or malicious bootloaders on a Windows machine. Once a threat actor has installed such malware to tamper with the security of the boot process, they can take full control of the victim’s PC.
To make matters worse, we’re talking about attackers taking control of your machine, not just the OS.
Say your PC got attacked this way and your antimalware solution failed to fix the problem. You’d probably resort to uninstalling Windows and formatting your hard drive.
Sadly, the problem wouldn’t go away because reinstalling your OS wouldn’t fix the compromised firmware.
Here’s how Eclypsium describes the scope of the vulnerability:
The problem also extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority. Thus the majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment used in industrial, healthcare, financial and other industries.
The bug primarily affects Linux systems because of their reliance on the GRUB2 bootloader. And according to Eclypsium, a GRUB2 buffer overflow during the parsing of the grub.cfg file is the root of the vulnerability.
Also, in systems that have UEFI Secure Boot enabled, the bug lets the threat actor execute arbitrary code.
In the meantime, be on the lookout for BootHole bug fixes from Microsoft or the UEFI Security Response Team. Other vendors/developers of impacted systems should be rolling out a patch any time now.
Would you like to share your views or ask any questions about the Windows BootHole bug? Kindly drop us a note in the comments box below.
Don Sharpe
Tech Journalist
Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been published on Livebitcoinnews.com, Learnbonds.com, eHow, AskMen.com, Forexminute.com, The Writers Network and a host of other companies.