Researchers at enterprise device security company Eclypsium reported a buffer-flow flaw during booting that could potentially compromise billions of Linux and Windows-based computing devices.
The vulnerability affects devices and operating systems employing signed versions of the open source GRUB2 bootloader software used in most Linux systems, and systems or devices utilizing the Secure Boot root firmware interface with Microsoft's standard third-party certificate authority.
The researchers said, "If this process is compromised, attackers can control how the operating system is loaded and subvert all higher-layer security controls."
Bypassing the boot process could give attackers persistent, cloaked root-level access free of temporary credentials or access privileges.
From Federal Computer Week
View Full Article
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA
No entries found