Home>Blog>The Hacker News Headlines>Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders
The Hacker News Headlines

Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders

Boot Loaders

A security feature bypass vulnerability has been uncovered in
three signed third-party Unified Extensible Firmware Interface
(UEFI) boot loaders that allow bypass of the UEFI Secure Boot
feature.

“These vulnerabilities can be exploited by mounting the EFI
System Partition and replacing the existing bootloader with the
vulnerable one, or modifying a UEFI variable to load the vulnerable
loader instead of the existing one,” hardware security firm
Eclypsium said[1]
in a report shared with The Hacker News.

CyberSecurity

The following vendor-specific boot loaders[2], which were signed and
authenticated by Microsoft, have been found vulnerable to the
bypass and have been patched as part of the tech giant’s Patch Tuesday update[3]
released this week –

Secure Boot is a security standard[4]
designed to thwart malicious programs from loading when a computer
starts up (boots) and ensure only the software that is trusted by
the Original Equipment Manufacturer (OEM) is launched.

Boot Loaders

In other words, successful exploitation of the flaws could
permit an adversary to circumvent security guardrails at startup
and execute arbitrary unsigned code during the boot process.

This can have further knock-on effects, enabling a bad actor to
gain entrenched access and establish persistence[5]
on a host through in a manner that can survive operating system
reinstalls and hard drive replacements, not to mention completely
bypassing detection by security software.

CyberSecurity

Calling CVE-2022-34302 “far more stealthy,” Eclypsium noted the
New Horizon Datasys vulnerability is not only trivial to exploit in
the wild, but can also “enable even more complex evasions such as
disabling security handlers.”

Security handlers, for instance, can include[6]
Trusted Platform Module (TPM) measurements and signature checks,
Eclypsium researchers Mickey Shkatov and Jesse Michael said.

It’s worth noting that exploiting these vulnerabilities requires
an attacker to have administrator privileges, although gaining
local privilege escalation is not insurmountable.

“Much like BootHole[7], these vulnerabilities
highlight the challenges of ensuring the boot integrity of devices
that rely on a complex supply chain of vendors and code working
together,” the researchers concluded, adding “these issues
highlight how simple vulnerabilities in third-party code can
undermine the entire process.”

References

  1. ^
    said
    (eclypsium.com)
  2. ^
    vendor-specific boot loaders
    (kb.cert.org)
  3. ^
    Patch
    Tuesday update     (thehackernews.com)
  4. ^
    security
    standard     (docs.microsoft.com)
  5. ^
    establish persistence
    (thehackernews.com)
  6. ^
    include
    (docs.microsoft.com)
  7. ^
    BootHole
    (thehackernews.com)

Read more

Leave a Reply

Powered By Anakyst UK Work done easy Discover Great Places People Websites in Nigeria. Be Discovered and Discover Great Places People Products & Websites in Nigeria. Tell us what you need to advertise online onradio ontv and where you want to advertise and discover talented publishers and advertisers within minutes for just a fraction of the cost!JobScout | Developed By Rara Theme. Powered by WordPress.