Microsoft released the Patch Tuesday or Update Tuesday for the month of August a couple of days ago. You can find our coverage here:
In this month's release, Microsoft also issued an important fix for the Secure Boot DBX with the KB5012170 update.
For those unaware, the Secure Boot Forbidden Signature Database, or DBX, is a revocation list: it holds the hashes and certificates of UEFI executables that were found to be bad, and firmware refuses to load anything on that list even if it carries an otherwise valid signature. The KB5012170 update adds the signatures of known vulnerable UEFI modules to the DBX, meaning they will no longer be able to run after the update is applied. The signatures this time are related to the GRand Unified Boot Loader (GRUB) vulnerability also known as BootHole.
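To make the block-list concrete, here is an added example (not code from the article or from Microsoft) that parses the UEFI EFI_SIGNATURE_LIST format the DBX variable is stored in, collects its SHA-256 entries, and checks whether a given image hash is revoked. The sample DBX blob, the owner GUID and the two "bad module" hashes are constructed for the demonstration; on a real machine the blob would come from the firmware variable (for example via `Get-SecureBootUEFI -Name dbx` on Windows).

```python
import hashlib
import struct
import uuid

# Signature type used for hash entries in the DBX (EFI_CERT_SHA256_GUID from the UEFI spec).
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
HDR = struct.Struct("<III")  # SignatureListSize, SignatureHeaderSize, SignatureSize

def parse_signature_lists(blob: bytes):
    """Yield (signature_type, owner, signature_data) for each entry in a chain of
    EFI_SIGNATURE_LIST structures: GUID(16) | ListSize | HeaderSize | SigSize | header | entries."""
    off = 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = HDR.unpack_from(blob, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(blob) or sig_size <= 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        entries = blob[off + 28 + hdr_size:off + list_size]
        if len(entries) % sig_size:
            raise ValueError("entry area is not a multiple of SignatureSize")
        for i in range(0, len(entries), sig_size):
            entry = entries[i:i + sig_size]  # EFI_SIGNATURE_DATA: owner GUID + data
            yield sig_type, uuid.UUID(bytes_le=entry[:16]), entry[16:]
        off += list_size

def revoked_sha256_hashes(blob: bytes) -> set:
    """All SHA-256 image hashes the DBX forbids (certificate entries are skipped)."""
    return {d for t, _, d in parse_signature_lists(blob) if t == EFI_CERT_SHA256_GUID}

def is_revoked(image_hash: bytes, dbx_blob: bytes) -> bool:
    # DBX hashes are Authenticode PE image hashes, not plain hashes of the file bytes,
    # so compute them with a PE-aware tool before checking here.
    return image_hash in revoked_sha256_hashes(dbx_blob)

def build_sha256_list(hashes, owner: uuid.UUID) -> bytes:
    """Encode SHA-256 entries the way a DBX update payload carries them (one list, no header)."""
    body = b"".join(owner.bytes_le + h for h in hashes)
    return EFI_CERT_SHA256_GUID.bytes_le + HDR.pack(28 + len(body), 0, 16 + 32) + body

# Constructed sample: two made-up "bad module" hashes under a made-up owner GUID.
OWNER = uuid.UUID("00000000-0000-0000-0000-0000deadbeef")
BAD_A = hashlib.sha256(b"constructed vulnerable bootloader A").digest()
BAD_B = hashlib.sha256(b"constructed vulnerable bootloader B").digest()
SAMPLE_DBX = build_sha256_list([BAD_A, BAD_B], OWNER)

if __name__ == "__main__":
    print(f"{len(revoked_sha256_hashes(SAMPLE_DBX))} hashes revoked; A revoked: {is_revoked(BAD_A, SAMPLE_DBX)}")
```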
The official Microsoft bulletin explains how the attack works:
Microsoft is aware of a vulnerability in the GRand Unified Boot Loader (GRUB), commonly used by Linux. This vulnerability, known as “There’s a Hole in the Boot”, could allow for Secure Boot bypass.
To exploit this vulnerability, an attacker would need to have administrative privileges or physical access on a system where Secure Boot is configured to trust the Microsoft Unified Extensible Firmware Interface (UEFI) Certificate Authority (CA). The attacker could install an affected GRUB and run arbitrary boot code on the target device. After successfully exploiting this vulnerability, the attacker could disable further code integrity checks thereby allowing arbitrary executables and drivers to be loaded onto the target device.
Update: August 9, 2022
Microsoft has released standalone security update 5012170 to provide protection against the vulnerabilities described in this advisory.
The update is applicable to the following Windows versions:
- Windows Server 2012
- Windows 8.1 and Windows Server 2012 R2
- Windows 10, version 1507
- Windows 10, version 1607 and Windows Server 2016
- Windows 10, version 1809 and Windows Server 2019
- Windows 10, version 20H2
- Windows 10, version 21H1
- Windows 10, version 21H2
- Windows Server 2022
- Windows 11, version 21H2 (original release)
- Azure Stack HCI, version 1809
- Azure Stack Data Box, version 1809 (ASDB)
The download is available via Windows Update as part of the Patch Tuesday package, but you can also get the standalone update from the Microsoft Update Catalog website here. You may find more information on the official support article here.