Windows 10: BootHole vulnerability in Secure Boot affecting Linux and Windows

Read more: https://eclypsium.com/2020/07/29/the...e-in-the-boot/

:)

 

Windows 8 Secure Boot Feature: Not So Secure?

So Linux is switching to secure boot also? Or they have to because of UEFI?

 

Windows 8 Secure Boot Feature: Not So Secure?

• Linux
• Linux
• Linux
• Linux
• Oh and OSX

Here is a statement from a Kernal Developer at Red Hat:

I'm not sure this exploits the legacy BIOS but rather it exploits the legacy boot method on MBR drives, injecting a signed key before the OS boots, which you are correct in that it has nothing to do with Windows 8. And the simplest fix would just be to require boot drives use GPT when Secure Boot is enabled in UEFI.

 

WPA2 Vulnerability Found

A small update with regards to the Microsoft fix. The fix itself is sufficient to solve the issue on Windows, even if your WiFi device has no driver update, with one caveat:

Does this security update fully address these vulnerabilities on Microsoft Platforms, or do I need to perform any additional steps to be fully protected?
The provided security updates address the reported vulnerabilities; however, when affected Windows based systems enter a connected standby mode in low power situations, the vulnerable functionality may be offloaded to installed Wi-Fi hardware. To fully address potential vulnerabilities, you are also encouraged to contact your Wi-Fi hardware vendor to obtain updated device drivers. For a listing of affected vendors with links to their documentation, review the ICASI Multi-Vendor Vulnerability Disclosure statement here: Statement from the Industry Consortium for Advancement of Security on the Internet (ICASI) on the Wi-Fi Protected Access (WPA) Vulnerabilities

Source: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080