- Microsoft used Security Copilot to scan open source bootloaders for vulnerabilities
- It discovered 20 new flaws in just a short time
- Microsoft says the AI tool saved the company at least a week of work
Microsoft has revealed more on how its latest AI tools are proving useful spotting code vulnerabilities and more.
The company has published a new blog post detailing how it used Security Copilot (its AI-powered cybersecurity tool) to find almost two dozen vulnerabilities in different open-source bootloaders.
In total, Microsoft found 11 flaws in GRUB2, and nine more in U-Boot and Barebox.
Remote code execution risks
GRUB2 (GRand Unified Bootloader version 2) is a bootloader used in Linux and other Unix-like operating systems to manage the boot process and load the operating system.
U-Boot (Das U-Boot) and Barebox, on the other hand, are bootloaders primarily used in embedded systems. U-Boot is a widely adopted bootloader supporting various architectures, while Barebox is an alternative designed for faster boot times and easier maintenance.
The vulnerabilities span from integer and buffer overflows, to side-channel attacks and out-of-bounds read vulnerabilities.
Some of the flaws could be used to execute arbitrary code, Microsoft said, whereas others would need physical access to the vulnerable device, or would need the device to be infected with malware beforehand.
“While threat actors would likely require physical device access to exploit the U-boot or Barebox vulnerabilities, in the case of GRUB2, the vulnerabilities could further be exploited to bypass Secure Boot and install stealthy bootkits or potentially bypass other security mechanisms, such as BitLocker,” Microsoft said.
“The implications of installing such bootkits are significant, as this can grant threat actors complete control over the device, allowing them to control the boot process and operating system, compromise additional devices on the network, and pursue other malicious activities.”
“Furthermore, it could result in persistent malware that remains intact even after an operating system reinstallation or a hard drive replacement.”
All of the flaws now have a CVE assigned, and their severity is mostly “medium”, with one being rated “high” – 7.8/10.
