Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders

Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders.

GRUB2 (GRand Unified Bootloader) is the default boot loader for most Linux distributions, including Ubuntu, while U-Boot and Barebox are commonly used in embedded and IoT devices.

The newly discovered flaws impact devices relying on UEFI Secure Boot, and if the right conditions are met, attackers can bypass security protections to execute arbitrary code on the device.

"While threat actors would likely require physical device access to exploit the U-boot or Barebox vulnerabilities, in the case of GRUB2, the vulnerabilities could further be exploited to bypass Secure Boot and install stealthy bootkits or potentially bypass other security mechanisms, such as BitLocker," explains Microsoft.

Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer overflows in filesystem parsers, command flaws, and a side-channel in cryptographic comparison. Using the findings from that analysis, Microsoft says Security Copilot found similar bugs in projects that share code with GRUB2, such as U-Boot and Barebox: nine further buffer overflows in the parsing of SquashFS, EXT4, CramFS, JFFS2, and symlinks, which require physical access to exploit.

Microsoft says Security Copilot dramatically accelerated vulnerability discovery in a large and complex codebase such as GRUB2, saving approximately one week of time that would otherwise have been spent on manual analysis.

Not only did the AI tool identify the previously undiscovered flaws, but it also provided targeted mitigation recommendations that could give maintainers pointers and accelerate the issuing of security patches, especially in open-source projects supported by volunteer contributors and small core teams.

GRUB2, U-Boot, and Barebox released security updates for the vulnerabilities in February 2025, so updating to the latest versions should mitigate the flaws. For Secure Boot deployments, note that installing a patched GRUB2 does not by itself stop an attacker who can boot an older, still-signed GRUB2 build; blocking that downgrade depends on the firmware's revocation data (SBAT generation numbers or the dbx database) being updated as well.
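Two of the bug classes the article names, an integer overflow in a filesystem-parser bounds check and a non-constant-time cryptographic comparison, are easy to see side by side with their hardened forms. The following is an added example written for this page, not code from GRUB2, U-Boot, Barebox or Microsoft's analysis; the record layout (`struct entry`, a 4-byte little-endian name length followed by the name) and all function names are hypothetical, and the sample blocks and digests are constructed inline.

```c
/* Added example (not GRUB2, U-Boot, Barebox or Microsoft code): two bootloader
 * bug classes, each beside a hardened form, using a made-up on-disk record. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical directory-entry layout: 4-byte little-endian name length,
 * then the name bytes. */
struct entry {
    uint32_t name_len;
    const uint8_t *name;
};

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable: the bounds check adds the header size to an attacker-controlled
 * length in 32-bit arithmetic. A name_len of 0xFFFFFFFD wraps to 1 and passes,
 * so a later copy of name_len bytes would run far past the block.
 * Returns 1 if the entry is accepted, 0 if rejected. */
static int parse_entry_unsafe(const uint8_t *blk, uint32_t blk_len, struct entry *out)
{
    if (blk_len < 4)
        return 0;
    uint32_t name_len = read_le32(blk);
    if (name_len + 4 <= blk_len) {   /* unsigned wrap: 0xFFFFFFFD + 4 == 1 */
        out->name_len = name_len;
        out->name = blk + 4;
        return 1;
    }
    return 0;
}

/* Hardened: subtract the known header size from the trusted total instead of
 * adding to the untrusted length, so no wrap is possible. */
static int parse_entry_safe(const uint8_t *blk, uint32_t blk_len, struct entry *out)
{
    if (blk_len < 4)
        return 0;
    uint32_t name_len = read_le32(blk);
    if (name_len > blk_len - 4)
        return 0;
    out->name_len = name_len;
    out->name = blk + 4;
    return 1;
}

/* Leaky comparison: returns at the first mismatch, so the time taken (counted
 * here in *steps) tells an attacker how many leading bytes were correct. */
static int digest_equal_leaky(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 0;
    }
    return 1;
}

/* Constant-time comparison: always touches all n bytes and folds every
 * difference into one accumulator, so the work done does not depend on
 * where the first mismatch is. */
static int digest_equal_ct(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    volatile uint8_t diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* Constructed inputs: an 8-byte block whose length field is huge, and a
 * well-formed block with a 4-byte name. */
static const uint8_t EVIL_BLOCK[8] = { 0xFD, 0xFF, 0xFF, 0xFF, 'a', 'b', 'c', 'd' };
static const uint8_t GOOD_BLOCK[8] = { 0x04, 0x00, 0x00, 0x00, 'a', 'b', 'c', 'd' };

int main(void)
{
    struct entry e;
    size_t steps;
    uint8_t want[32], got[32];
    memset(want, 0x41, sizeof want);      /* constructed 32-byte "digest" */
    memcpy(got, want, sizeof got);
    got[0] ^= 1;                          /* differs in the first byte only */

    printf("unsafe parser accepts evil block: %d\n", parse_entry_unsafe(EVIL_BLOCK, 8, &e));
    printf("safe parser accepts evil block:   %d\n", parse_entry_safe(EVIL_BLOCK, 8, &e));
    digest_equal_leaky(want, got, 32, &steps);
    printf("leaky compare bytes examined:     %zu\n", steps);
    digest_equal_ct(want, got, 32, &steps);
    printf("constant-time bytes examined:     %zu\n", steps);
    return 0;
}
```

The parser fix is the standard pattern: compare the untrusted length against the remaining trusted size (`blk_len - 4`) rather than adding a constant to the untrusted value, since unsigned addition silently wraps while the subtraction is guarded by the earlier `blk_len < 4` check. The comparison fix matters for signature and hash checks in a bootloader because an early-exit `memcmp` lets an attacker with a timer learn a correct digest or MAC one byte at a time.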

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 31 Mar 2025 20:00:04 +0000

