Windows 10: Windows Boothole vulnerability - how to verify if it is fixed

z080236 · Feb 19, 2021

Boothole vulnerability

BootHole vulnerability in Secure Boot affecting Linux and Windows

Windows has recently released a patch for the boothole vulnerability

https://support.microsoft.com/en-us/...7-d0c32ead81e2

Based on the https://msrc.microsoft.com/update-gu.../CVE-2020-0689

For Windows server 2016
I installed the update based on this:
1. Servicing Stack Update KB4576750
2. Standalone Secure Boot Update Listed in this CVE KB4535680
3. Jan 2021 Security Update KB4598243

Based on https://msrc.microsoft.com/update-gu...lity/ADV200011
I just run this command to verify?

[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Microsoft Corporation UEFI CA 2011'

:)

Brink · Feb 19, 2021

BootHole vulnerability in Secure Boot affecting Linux and Windows

“BootHole” vulnerability in the GRUB2 bootloader opens up Windows and Linux devices using Secure Boot to attack. All operating systems using GRUB2 with Secure Boot must release new installers and bootloaders.

Join Eclypsium for a webinar “Managing The Hole In Secure Boot” on August 5th, where CEO Yuriy Bulygin and VP R&D John Loucaides will provide advice on mitigating this vulnerability.

Download the PDF >

INTRODUCTION

Eclypsium researchers have discovered a vulnerability — dubbed “BootHole” — in the GRUB2 bootloader utilized by most Linux systems that can be used to gain arbitrary code execution during the boot process, even when Secure Boot is enabled. Attackers exploiting this vulnerability can install persistent and stealthy bootkits or malicious bootloaders that could give them near-total control over the victim device.

The vulnerability affects systems using Secure Boot, even if they are not using GRUB2. Almost all signed versions of GRUB2 are vulnerable, meaning virtually every Linux distribution is affected. In addition, GRUB2 supports other operating systems, kernels and hypervisors such as Xen. The problem also extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority. Thus the majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment used in industrial, healthcare, financial and other industries. This vulnerability makes these devices susceptible to attackers such as the threat actors recently discovered using malicious UEFI bootloaders.

Eclypsium has coordinated the responsible disclosure of this vulnerability with a variety of industry entities, including OS vendors, computer manufacturers, and CERTs. Mitigation will require new bootloaders to be signed and deployed, and vulnerable bootloaders should be revoked to prevent adversaries from using older, vulnerable versions in an attack. This will likely be a long process and take considerable time for organizations to complete patching.

TABLE OF CONTENTS

Background: Secure Boot, GRUB2, and CAs

Threats to the Boot Process

UEFI Secure Boot

Chains of Trust and GRUB2

Challenges of Secure Boot

Breaking Secure Boot Through GRUB2

Vulnerability Analysis

Additional Vulnerabilities

Impact

Mitigation

Recommendations

Conclusions

Click to expand...

Read more: https://eclypsium.com/2020/07/29/the...e-in-the-boot/

Yukikaze · Feb 19, 2021

WPA2 Vulnerability Found

A small update with regards to the Microsoft fix. The fix itself is sufficient to solve the issue on Windows, even if your WiFi device has no driver update, with one caveat:

Does this security update fully address these vulnerabilities on Microsoft Platforms, or do I need to perform any additional steps to be fully protected?
The provided security updates address the reported vulnerabilities; however, when affected Windows based systems enter a connected standby mode in low power situations, the vulnerable functionality may be offloaded to installed Wi-Fi hardware. To fully address potential vulnerabilities, you are also encouraged to contact your Wi-Fi hardware vendor to obtain updated device drivers. For a listing of affected vendors with links to their documentation, review the ICASI Multi-Vendor Vulnerability Disclosure statement here: http://www.icasi.org/wi-fi-protected-access-wpa-vulnerabilities

Source: Security Update Guide - Microsoft Security Response Center

RichardEiler · Feb 19, 2021

vulnerability fix

What "below vulnerability" would that be?

Hint: review your posting after being submitted to verify that all of the information that you wish to relate when asking a question is present and relevant to your query at hand.

We'll be waiting for your next reply.

-Richard

Windows 10: Windows Boothole vulnerability - how to verify if it is fixed

Windows Boothole vulnerability - how to verify if it is fixed

Windows Boothole vulnerability - how to verify if it is fixed

Windows Boothole vulnerability - how to verify if it is fixed

Windows Boothole vulnerability - how to verify if it is fixed - Similar Threads - Boothole vulnerability verify

WinVerifyTrust vulnerability fix

WinVerifyTrust vulnerability fix

How to fix driver verifier dma volation

How to fix driver verifier dma volation

How to fix Driver Verifier DMA Violation?

Failed to register and start service for the vulnerable driver - How to fix?

KB5012170 Secure Boothole is already installed.

KB5012170 Secure Boothole is already installed.

BootHole vulnerability in Secure Boot affecting Linux and Windows