A vulnerability was recently discovered that affects the boot process of Windows and other operating systems. The vulnerability, codenamed BootHole, affects components of the Secure Boot process and allows attackers to tamper with and modify the boot loading process. The attack goes through the bootloader, the component responsible for loading the firmware to start the operating system.
The vulnerability is in GRUB 2, one of the most popular and widely used boot components. It is used as a bootloader component in Windows, macOS, and all BSD-based systems, which is why the impact of this vulnerability is so widespread.
BootHole was discovered by security researchers from Eclypsium, who have published the details on their blog. The vulnerability lets an attacker add malicious code during the boot process, planting an implant beneath the OS that gives them full control of the system. The malware resides in a location separate from the OS, such as the motherboard's physical memory, rather than in the OS itself.
According to the researchers, the malicious content resides in grub.cfg: the file is modified so that parsing it triggers a buffer overflow. The attack was found to work not only on standalone systems but also on servers and workstations, which could turn out to be a major security issue for organizations. It also works on Secure Boot-enabled systems and devices.
However, it was also found that attackers without admin access to the grub.cfg file cannot affect the system. To prevent greater damage to organizations and their remote servers, companies such as Microsoft, Red Hat, Canonical, SuSE, Oracle, VMWare, and Citrix are releasing security patches that would help avoid this threat. Although issues such as these in the bootloader take time to resolve, the vendors are confident that the security patches will secure most of the servers and workstations used by companies.