Okay, until the NSA warning I had no clue what that was. The Grand Unified Bootloader, Release 2, AKA GRUB2, is used on most Linux systems, and trusted by Windows 8 and Windows 10, even though they don’t use it.
NOTE: FOR THOSE OF YOU WORKING ON GETTING CMMC CERTIFIABLE, THIS IS ONE OF THOSE “THREAT INTELLIGENCE” AND “DETECT AND MITIGATE” THE THREAT THINGS THEY WANT YOU TO WORRY ABOUT.
Experts say this bug is exploitable on billions of devices.
But there is good news and bad news.
First a little background.
The vulnerability is called BootHole because every big vulnerability needs a cool name. The hole is the ability to compromise the secure boot process on all these Linux and Windows systems.
If the boot process is not secure, nothing is secure.
And since this exploit lies below the operating system, no software running on the operating system, Windows or Linux, is able to see this malware.
One reason the NSA is worried is that a likely target would be the Department of Defense and the Defense Industrial Base companies.
Okay, so what is the good news? The good news is that AT LEAST RIGHT NOW, the bad guys need either physical access or admin privileges to exploit the bug. So that reduces the attack footprint.
The bad news? If this blog didn’t need to be rated PG….
Shucks. Darn. Patching this thing is going to be a, hmm, problem.
There are multiple steps, they need to be done in the right order, and it is possible that even then, third-party hardware and software may stop working.
Our recommendation. Take it slow. Test everything as best as possible. Ramp up compensating controls a little bit. And cross your fingers.
Not the best, but as good as we have right now.
And stay tuned. Now that the bad guys understand this, they may figure out an easier way to exploit it. And, if they do, wiping the disk and reinstalling the operating system may not fix it. This could be a persistent and advanced threat, AKA “APT”.
For more information, check out Microsoft’s alert, Government Computer News and the NSA Press Release.