Microsoft has its AI-powered Security Copilot discover a whole host of previously unknown vulnerabilities

News
By published

Almost two dozen new security vulnerabilities found by Security Copilot

An abstract image of a lock against a digital background, denoting cybersecurity.
(Image Credit: TheDigitalArtist / Pixabay) (Image credit: Pixabay)
  • Microsoft used Security Copilot to scan open source bootloaders for vulnerabilities
  • It discovered 20 new flaws in just a short time
  • Microsoft says the AI tool saved the company at least a week of work

Microsoft has revealed more on how its latest AI tools are proving useful spotting code vulnerabilities and more.

The company has published a new blog post detailing how it used Security Copilot (its AI-powered cybersecurity tool) to find almost two dozen vulnerabilities in different open-source bootloaders.

In total, Microsoft found 11 flaws in GRUB2, and nine more in U-Boot and Barebox.

Monitor your credit score with TransUnion starting at $29.95/month

Monitor your credit score with TransUnion starting at $29.95/month

TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnion’s advanced risk assessment tools.

Preferred partner (What does this mean?)

View Deal

Remote code execution risks

GRUB2 (GRand Unified Bootloader version 2) is a bootloader used in Linux and other Unix-like operating systems to manage the boot process and load the operating system.

U-Boot (Das U-Boot) and Barebox, on the other hand, are bootloaders primarily used in embedded systems. U-Boot is a widely adopted bootloader supporting various architectures, while Barebox is an alternative designed for faster boot times and easier maintenance.

The vulnerabilities span from integer and buffer overflows, to side-channel attacks and out-of-bounds read vulnerabilities.

Some of the flaws could be used to execute arbitrary code, Microsoft said, whereas others would need physical access to the vulnerable device, or would need the device to be infected with malware beforehand.

"While threat actors would likely require physical device access to exploit the U-boot or Barebox vulnerabilities, in the case of GRUB2, the vulnerabilities could further be exploited to bypass Secure Boot and install stealthy bootkits or potentially bypass other security mechanisms, such as BitLocker," Microsoft said.

"The implications of installing such bootkits are significant, as this can grant threat actors complete control over the device, allowing them to control the boot process and operating system, compromise additional devices on the network, and pursue other malicious activities."

"Furthermore, it could result in persistent malware that remains intact even after an operating system reinstallation or a hard drive replacement."

All of the flaws now have a CVE assigned, and their severity is mostly “medium”, with one being rated “high” - 7.8/10.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.