Microsoft has used Security Copilot, its AI-assisted security analysis tool, to find multiple previously undisclosed vulnerabilities in open-source bootloaders. The company has disclosed a set of security issues in three widely used bootloaders: one is the default for many Linux distributions, and the other two are used mainly in embedded systems and Internet of Things (IoT) devices. Microsoft reported the issues to the maintainers of each project, who have since released security updates that fix them.
Microsoft Showcases Its AI System’s Vulnerability Discovery Process
In a blog post, Microsoft described how the vulnerabilities were found and what risk they pose. The team used Security Copilot to speed up the search for security bugs in the bootloaders' source code. The vulnerabilities were found in the GRand Unified Bootloader (GRUB2), U-Boot, and Barebox, all of which are common bootloaders for operating systems and devices.
GRUB2 is the standard bootloader for many Linux systems, while U-Boot and Barebox are typically found in embedded and IoT devices. A bootloader is the program that runs after the firmware and before the operating system (OS): it locates the OS kernel on storage, loads it into memory, and hands control to it. Because it runs so early, a compromised bootloader can undermine everything that starts after it.
Using Security Copilot, Microsoft Threat Intelligence found a total of 11 vulnerabilities in GRUB2, including integer overflows, buffer overflows, and a cryptographic side-channel issue. These vulnerabilities matter because they could let threat actors bypass Unified Extensible Firmware Interface (UEFI) Secure Boot, the mechanism that is meant to prevent unsigned or tampered code from running during the boot process.
In addition, Security Copilot helped identify nine vulnerabilities across U-Boot and Barebox. These are mostly buffer overflows in the parsers for the SquashFS, EXT4, CramFS, and JFFS2 file systems and in symbolic-link handling. Exploiting them would likely require physical access to the affected device, which limits the exposure but does not remove it, since such devices are often deployed where they can be reached.
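The bug classes named above, integer overflows in size calculations that turn into buffer overflows when a parser reads untrusted on-disk structures, and a timing side channel in a comparison, follow recurring patterns. The C example below is added here and is not code from GRUB2, U-Boot, Barebox or Microsoft's post. It shows a hypothetical directory-header parser whose 32-bit size calculation wraps, beside a checked version that rejects the same input, and an early-exit byte comparison beside a constant-time one. The struct layout, the `MAX_DIR_BYTES` cap, and all function names are invented for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical on-disk directory header, loosely modelled on what a
 * file-system driver reads from untrusted media. Constructed for this
 * example; it is not the layout of any real file system. */
struct dir_header {
    uint32_t entry_count;   /* number of directory entries that follow */
    uint32_t entry_size;    /* size in bytes of each entry */
};

/* Upper bound a sane parser would accept for a directory body (assumption). */
#define MAX_DIR_BYTES (64u * 1024u * 1024u)

/* The number of bytes the entries really occupy, computed without wrapping. */
static uint64_t true_dir_bytes(const struct dir_header *h) {
    return (uint64_t)h->entry_count * (uint64_t)h->entry_size;
}

/* Vulnerable pattern: the product is computed in 32 bits and wraps modulo
 * 2^32, so a hostile header yields a tiny allocation while a later copy
 * loop driven by entry_count writes far past the end of the buffer. */
static size_t alloc_size_unchecked(const struct dir_header *h) {
    uint32_t total = h->entry_count * h->entry_size;  /* may wrap */
    return (size_t)total;
}

/* Hardened pattern: refuse zero sizes, refuse a product that would wrap,
 * and refuse anything above a fixed cap. Returns 0 on success, -1 on reject. */
static int alloc_size_checked(const struct dir_header *h, size_t *out) {
    if (h->entry_count == 0 || h->entry_size == 0)
        return -1;
    if (h->entry_count > UINT32_MAX / h->entry_size)
        return -1;                                   /* product would wrap */
    size_t total = (size_t)h->entry_count * (size_t)h->entry_size;
    if (total > MAX_DIR_BYTES)
        return -1;                                   /* implausibly large */
    *out = total;
    return 0;
}

/* Leaky comparison: returns at the first mismatch, so the number of steps
 * (and therefore the time taken) reveals how many leading bytes matched.
 * `steps` reports the iteration count so the leak is observable in a test. */
static int compare_early_exit(const uint8_t *a, const uint8_t *b, size_t n,
                              size_t *steps) {
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 1;
    }
    return 0;
}

/* Constant-time comparison: always visits every byte and folds differences
 * into an accumulator, so the step count does not depend on the data. */
static int compare_const_time(const uint8_t *a, const uint8_t *b, size_t n,
                              size_t *steps) {
    uint8_t diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    return diff != 0;
}

int main(void) {
    /* Constructed hostile header: 0x10000 * 0x10001 = 0x100010000 bytes. */
    struct dir_header bad = { 0x10000u, 0x10001u };
    size_t checked = 0;
    printf("true size      : %llu bytes\n",
           (unsigned long long)true_dir_bytes(&bad));
    printf("unchecked alloc: %zu bytes (wrapped)\n", alloc_size_unchecked(&bad));
    printf("checked alloc  : %s\n",
           alloc_size_checked(&bad, &checked) == 0 ? "accepted" : "rejected");

    const uint8_t secret[] = "secret", guess[] = "sXcret";
    size_t steps_leaky = 0, steps_ct = 0;
    compare_early_exit(secret, guess, 6, &steps_leaky);
    compare_const_time(secret, guess, 6, &steps_ct);
    printf("early-exit steps: %zu, constant-time steps: %zu\n",
           steps_leaky, steps_ct);
    return 0;
}
```

The checked allocator rejects the hostile header outright, so no undersized buffer is ever created; the constant-time comparison takes the same number of steps whether the guess diverges at byte 1 or byte 5, which is the property a password or hash check in a bootloader needs.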
For GRUB2 specifically, Microsoft said the vulnerabilities could allow attackers to bypass Secure Boot and install stealthy bootkits. Because a bootkit lives in the boot chain rather than in the operating system, it can persist through an OS reinstallation and even a hard drive replacement, which is what makes this class of flaw so serious.
The GRUB2, U-Boot, and Barebox projects released security patches in February 2025 to address these vulnerabilities. Users and device vendors are strongly encouraged to update to the patched versions, and organizations relying on Secure Boot should also apply any revocation updates their platform vendors ship for the affected GRUB2 builds.