UPDATE: UPDATE: patch reported problem causing system to be unbootable
Anyone who has used Linux is familiar with a simple program called Grand Unified Bootloader (GRUB)
GRUB has been around for a long time, but a serious security flaw has been discovered in its latest version (GRUB2), dubbed "BootHole," that allows attackers to completely bypass the secure boot protection built into modern PCs and servers, making it nearly impossible to detect It could allow the installation of malware that is nearly impossible to detect
If you are using a "dual-boot" (or triple-boot) machine set up to use either Windows or Linux, or only Linux, you should update your Linux distribution as soon as possible The same goes for the (probably few) Mac users who have GRUB installed
Patches are already available for the well-known Linux distributions Ubuntu, Debian, Red Hat, and SUSE Microsoft is working on a patch for the Unified Extensible Firmware Interface (UEFI) that will be included in a future Windows Update bundle
UPDATE: Alternatively, you may want to hold off on updating GRUB; several users of Debian and Red Hat-based Linux distributions, including Ubuntu, Fedora, and CentOS, have reported that their systems become unbootable after applying patches reported that they are unable to boot their systems after applying the patch For now, it may be best to severely restrict physical access to Linux systems and ensure that remote access is locked down
BootHole has been given an indefensibly cute logo by the discoverers at Eclypsium, a security firm in Portland, Oregon, but fortunately, the flaw is not always viable
An attacker must have administrative privileges on a Windows or Linux PC to begin with, which in itself opens up many other avenues of attack Also, despite the BootHole logo worm, the likelihood of malware exploiting this flaw spreading from one machine to another is quite low [However, because BootHole affects a disk-level program that runs before the operating system is loaded, a successful exploit can make changes so deep and fundamental that even the best anti-virus software or other tamper detection methods would not be able to detect it
We won't go into details except to say that to exploit BootHole, you need to edit the GRUB configuration file to cause a buffer overflow and install rootkit-type malware This type of hack, old enough to be played on classic rock stations, does exactly what Secure Boot was designed to prevent
Most PCs configured to "dual boot" Linux and Windows have GRUB installed as a bootloader, as do many machines with only Linux installed While it is possible to set up GRUB to boot between different versions of Windows, most people will only run one version of Windows on an emulator
GRUB can also be used on Macs, but it is a bit tricky to use for Apple's proprietary disk formatting and is rarely used on dual-boot (or triple-boot) Macs because there are easier and better methods
It is also possible that an attacker with PC administrator privileges could install GRUB on a machine without GRUB without the primary user's knowledge and use GRUB to exploit the BootHole flaw, whether GRUB is installed or not, Until Microsoft updates the UEFI, the PC is technically vulnerable
If you are a bit Windows-savvy, you can check if your PC is vulnerable by running this text string with administrator privileges in PowerShell:
If it returns "True", your PC is vulnerable If you have a Linux distro installed on your machine, update it If not, do not install Linux until Microsoft updates the UEFI
Comments