ONE BOOTLOADER TO LOAD THEM ALL

As part of our continuing research into vulnerable and malicious bootloaders, we have identified three new bootloader vulnerabilities which affect the vast majority of devices released over the past 10 years including x86-64 and ARM-based devices. These vulnerabilities could be used by an attacker to easily evade Secure Boot protections and compromise the integrity of the boot process;?enabling the attacker to modify the operating system as it loads, install backdoors, and disable operating system security controls.

Much like our previous GRUB2 BootHole research, these new vulnerable bootloaders are signed by the Microsoft UEFI Third Party Certificate Authority. By default, this CA is trusted by virtually all traditional Windows and Linux-based systems such as laptops, desktops, servers, tablets, and all-in-one systems. As a result, an attacker could simply install the vulnerable bootloader, and it would be trusted by the target device.

THE VULNERABILITIES

This section summarizes the key points of each vulnerability, however, a more in-depth analysis is available in our recent DEF CON talk (link). We have identified vulnerabilities in three different bootloaders, which have been assigned the following CVEs

• CVE-2022-34301 – Eurosoft (UK) Ltd
• CVE-2022-34302 – New Horizon Datasys Inc
• CVE-2022-34303 – CryptoPro Secure Disk for BitLocker

For Further Reference

https://eclypsium.com/2022/08/11/vulnerable-bootloaders-2022/