BootHole: UEFI Vulnerability that Affects Windows and Linux

We always recommend keeping the operating system updated, updating the programs and having good security software that protects us from possible computer attacks. However, vulnerabilities do not always depend on us or on how we use the computer. Sometimes, as has happened with the new BootHole flaw, a poor implementation of a system's security measures can enable an attack that is carried out before the system loads and that is therefore impossible to detect.

This is BootHole

A few hours ago, information began to circulate on the network about a quite serious vulnerability that endangers the security of all computers that run either Windows or Linux. The only requirements are that the computer has UEFI (something that 100% of computers have today) and that it boots through Secure Boot. Regardless of the configuration and software used, this flaw can affect any device, Windows or Linux. It is only necessary that the third-party UEFI certificate is installed, something that for compatibility reasons is found in any type of PC.


This vulnerability, called BootHole, has been rated “critical” by security researchers because it affects the boot process of the operating system. The exploit created to demonstrate this vulnerability is also capable of modifying the GRUB configuration file (GRUB being the Linux bootloader most used on Dual-Boot systems) to create persistent access to the system, because that configuration is not signed or encrypted.

As it is a type of attack that runs before the OS starts, conventional security measures cannot protect us from it. If successful, an attacker could gain complete control over the system.

How to protect ourselves

Fixing it at the UEFI level requires effort and coordination among manufacturers and other parties. Therefore, it will surely take a long time before we see this fix within the firmware itself.

Fortunately, however, the Linux community has been quick to respond to this security flaw. In the last few hours, the first patches have started to circulate over the network to protect users from this serious vulnerability. Major Linux distributions such as Red Hat, Debian, SUSE and even Ubuntu have already released updates that fix the vulnerability in the GRUB bootloader to prevent this bug from being exploited. Little by little, these patches will reach more distributions. If we have a Dual-Boot configuration, updating GRUB2 from the Linux system also protects our Windows installation. But if we have installed GRUB2 independently, we will have to update it manually to prevent it from being exploited.

In addition to the above, it is recommended to follow the basic security tips for any operating system. That is, we must choose good security software from the list of the best antivirus programs, install all the OS updates and periodically check for UEFI firmware updates for our motherboard.