Operating system maintainers, computer manufacturers, security and virtualization software vendors have worked together over the past few months to coordinate a unified response to a vulnerability that allows attackers to bypass boot process integrity verification, one of the key security features of modern computers. The flaw is located in the GRUB2 Linux bootloader, but because of how Secure Boot is implemented, it can be used to compromise the booting process of Windows and other systems as well.
[ Keep up with 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they're for, what they cost, and which you need. | Sign up for CSO newsletters. ]Getting the patches that were announced today installed on all impacted computers and devices will require manual testing and deployment and will likely take a long time. It's reasonable to expect that some systems will never be updated and will remain vulnerable to boot-level malware and rogue firmware modifications.
To read this article in full, please click here
Support the originator by clicking the read the rest link below.
