CyberSecurity news
Laura French@scmagazine.com
Microsoft's AI tool, Security Copilot, has identified 20 critical vulnerabilities in open-source bootloaders, including GRUB2, U-Boot, and Barebox. These bootloaders are vital for initializing operating systems, especially in Linux environments and embedded systems. The findings highlight the potential for attackers to bypass UEFI Secure Boot, a security standard designed to ensure that only trusted software runs during startup. Security updates addressing these flaws were released in February 2025.
The discovered vulnerabilities, including an exploitable integer overflow, could allow attackers to execute arbitrary code and install persistent malware that may survive OS reinstallation. In the case of GRUB2, attackers could potentially bypass Secure Boot, install stealthy bootkits, and evade enterprise security mechanisms. This could grant threat actors complete control over devices, compromise additional devices on the network, and enable persistent threats. Microsoft used traditional discovery methods, including static code analysis, manual code analysis and fuzzing, with assistance from Microsoft Security Copilot.
References:
- The Hacker News: The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208. "The threat actor deploys payloads primarily by means of
- Microsoft Security Blog: Using Microsoft Security Copilot to expedite the discovery process, Microsoft has uncovered several vulnerabilities in multiple open-source bootloaders impacting all operating systems relying on Unified Extensible Firmware Interface (UEFI) Secure Boot. Through a series of prompts, we identified and refined security issues, ultimately uncovering an exploitable integer overflow vulnerability in the GRUB2, U-boot, and Barebox bootloaders.
- bsky.app: Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. https://www.bleepingcomputer.com/news/security/microsoft-uses-ai-to-find-flaws-in-grub2-u-boot-barebox-bootloaders/
- BleepingComputer: Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders
- www.csoonline.com: Microsoft’s AI tool catches critical GRUB2, U-boot bootloader flaws
- www.scworld.com: Microsoft touts bug finds from Security Copilot
Classification:
- HashTags: #AICybersecurity #BootloaderVulnerability #SecureBoot
- Company: Microsoft
- Target: UEFI Systems
- Product: Security Copilot
- Feature: AI Discovery
- Type: AI
- Severity: Critical