- Microsoft used Security Copilot to scan open-source bootloaders for vulnerabilities
- Discovered 20 new defects in a short time
- Microsoft says the AI tool saved the company at least one week of work
Microsoft has revealed more about how its latest artificial intelligence tools are proving useful at detecting code vulnerabilities and more.
The company has published a new blog post that details how it used Security Copilot (its AI-powered cybersecurity tool) to find almost two dozen vulnerabilities in different open-source bootloaders.
In total, Microsoft found 11 defects in GRUB2 and nine more in U-Boot and Barebox.
Remote code execution risks
GRUB2 (Grand Unified Bootloader version 2) is a bootloader used in Linux and other Unix-like operating systems to manage the boot process and load the operating system.
U-Boot (Das U-Boot) and Barebox, on the other hand, are bootloaders used mainly in embedded systems. U-Boot is a widely adopted bootloader that supports several architectures, while Barebox is an alternative designed for faster boot times and easier maintenance.
The vulnerabilities range from integer and buffer overflows to side-channel attacks and out-of-bounds read vulnerabilities.
Microsoft said that some of the defects could be used to execute arbitrary code, while others would need physical access to the vulnerable device, or would need the device to become infected with malware beforehand.
“While threat actors would probably require physical access to the device to exploit U-Boot or Barebox vulnerabilities, in the case of GRUB2, vulnerabilities could be exploited further to bypass Secure Boot and install stealthy bootkits or potentially bypass other security mechanisms, such as BitLocker,” Microsoft said.
“The implications of the installation of such bootkits are significant, since this can grant threat actors complete control over the device, which allows them to control the boot process and the operating system, compromise additional devices on the network and pursue other malicious activities.”
“In addition, it could lead to persistent malware that remains intact even after reinstalling the operating system or a replacement of the hard disk.”
All defects now have an assigned CVE. Their severity is mainly “medium”, with one rated “high” at 7.8/10.