Summary: Microsoft used its AI-powered Security Copilot to uncover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox bootloaders. These vulnerabilities could let attackers bypass security mechanisms, including UEFI Secure Boot, and potentially execute arbitrary code. Security updates were released in February 2025 to address these flaws.
Affected: GRUB2, U-Boot, Barebox
Keypoints:
- Eleven vulnerabilities found in GRUB2, affecting filesystem parsers and cryptographic functions.
- Nine buffer overflow vulnerabilities discovered in U-Boot and Barebox, requiring physical access to exploit.
- Exploitation could lead to persistent malware and control over the device’s boot process.
- AI tools like Security Copilot significantly sped up the vulnerability discovery process and suggested targeted mitigations.
- Security updates were released in February 2025 to mitigate the identified vulnerabilities.