Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Microsoft Uses Security Copilot to Identify 20 Flaws in Open-Source Bootloaders

Share

Microsoft Security Copilot, an artificial intelligence (AI) cybersecurity tool, was used to discover several previously unknown vulnerabilities in open-source bootloaders. The Redmond-based tech giant recently revealed a list of the security flaws discovered in three commonly used bootloaders. One of the bootloaders is the default for many Linux-based systems, while the other two are typically used for embedded systems and Internet of Things (IoT) devices. Notably, Microsoft has informed the bootloader maintainers about the exploits, and they have released security updates to fix them.

Microsoft Showcases Its AI System’s Vulnerability Discovery Process

In a blog post, Microsoft detailed the discovery process and extent of risk with these vulnerabilities. The company used Security Copilot, an AI-powered security analysis tool that can assist in protecting organisations from threat actors as well as discovering security flaws. These vulnerabilities were detected in GRand Unified Bootloader (GRUB2), U-Boot, and Barebox, commonly used bootloaders for operating systems and devices.

GRUB2 is the default bootloader for many Linux-based systems, whereas U-Boot and Barebox are generally seen in embedded systems and IoT devices. Notably, a bootloader is a small program that runs before the operating system (OS) starts. It is responsible for loading the OS into memory and initiating the boot process.

By using AI, Microsoft Threat Intelligence discovered 11 vulnerabilities in GRUB2, including issues like integer overflows, buffer overflows, and a cryptographic side-channel flaw. These security flaws could allow threat actors to bypass the Unified Extensible Firmware Interface (UEFI) Secure Boot, which is designed to prevent unauthorised code from running during the boot process.

Security Copilot also discovered nine vulnerabilities in U-Boot and Barebox. These were primarily buffer overflows that affected file systems such as SquashFS, EXT4, CramFS, JFFS2, and symlinks. Notably, the threat actor would need to have physical access to the device to exploit these flaws, however, the security risk still exists.

In the case of GRUB2, Microsoft explained that the vulnerabilities could be exploited by attackers to install stealthy bootkits remotely. This is concerning, as such bootkits can persist even after reinstalling the operating system or replacing the hard drive.

The teams behind GRUB2, U-Boot, and Barebox have already released security updates in February to address these vulnerabilities. Users are advised to update their systems to the latest versions to protect themselves from potential cyberattacks.

Affiliate links may be automatically generated – see our ethics statement for details.