
Microsoft Security Copilot, an artificial intelligence (AI) cybersecurity tool, was used to discover many previously unknown vulnerabilities in open-source bootloaders. The Redmond-based tech giant recently revealed a list of security flaws discovered in three commonly used bootloaders. One of the bootloaders is the default for Linux-based systems, while the other two are usually used for embedded systems and Internet of Things (IoT) devices. Notably, Microsoft has informed the bootloader maintainers about the exploits, and they have issued security updates to fix them.
Microsoft details the vulnerability discovery process of its AI system
In a blog post, Microsoft elaborated on the discovery process and the scope of the risk posed by these vulnerabilities. The company used Security Copilot, an AI-powered security analysis tool that helps organizations protect against threat actors as well as find security flaws. The vulnerabilities were found in the GRand Unified Bootloader (GRUB2), U-Boot, and Barebox, which are commonly used bootloaders for operating systems and devices.
GRUB2 is the default bootloader for many Linux-based systems, while U-Boot and Barebox are usually seen in embedded systems and IoT devices. A bootloader is a small program that runs before the operating system (OS) starts. It is responsible for loading the OS into memory and starting the boot process.
Using AI, Microsoft Threat Intelligence discovered 11 vulnerabilities in GRUB2, including issues such as integer overflow, buffer overflow, and a cryptographic side-channel flaw. These security flaws may allow threat actors to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot, which is designed to prevent unauthorized code from running during the boot process.
Security Copilot also discovered nine vulnerabilities in U-Boot and Barebox. These were mainly buffer overflows that affected file systems such as SquashFS, EXT4, CramFS, JFFS2, and symlinks. Notably, a threat actor would require physical access to the device to take advantage of these flaws; however, the security risk still exists.
In the case of GRUB2, Microsoft explained that attackers could exploit the vulnerabilities to install bootkits remotely. This is concerning, because such bootkits can persist even after reinstalling the operating system or changing the hard drive.
The teams behind GRUB2, U-Boot, and Barebox have already released security updates in February to address these vulnerabilities. Users are advised to update their systems to the latest versions so that they can protect themselves from a possible cyberattack.