GRUB2, one of the world’s most widely used programs for booting up computers, has a vulnerability that can make it easier for attackers to run malicious firmware during startup, researchers said on Wednesday. This would affect millions or possibly hundreds of millions of machines. While GRUB2 is mainly used in computers running Linux, attacks that exploit the vulnerability can be performed on many PCs running Windows as well.
The vulnerability, discovered by researchers from security firm Eclypsium, poses yet another serious threat to UEFI Secure Boot, an industry-wide standard that uses cryptographic signatures to ensure that software used during startup is trusted by a computer’s manufacturer. Secure Boot was designed to prevent attackers from hijacking the boot process by replacing the intended software with malicious software.
Stealthier, more powerful, and hard to disinfect
So-called bootkits are among the most serious types of infections because they run at the lowest level of the software stack. That allows the malware to be stealthier than most malware, survive operating system reinstallations, and circumvent security protections built into the OS.