Article Details

Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders. Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. GRUB2 (GRand Unified Bootloader) is the default boot loader for most Linux distributions, including Ubuntu, while U-Boot and Barebox are commonly used in embedded and IoT devices. Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer overflows in filesystem parsers, command flaws, and a side-channel in cryptographic comparison. Additionally, 9 buffer overflows in parsing SquashFS, EXT4, CramFS, JFFS2, and symlinks were discovered in U-Boot and Barebox, which require physical access to exploit. The newly discovered flaws impact devices relying on UEFI Secure Boot, and if the right conditions are met, attackers can bypass security protections to execute arbitrary code on the device. While exploiting these flaws would likely need local access to devices, previous bootkit attacks like BlackLotus achieved this through malware infections. "While threat actors would likely require physical device access to exploit the U-boot or Barebox vulnerabilities, in the case of GRUB2, the vulnerabilities could further be exploited to bypass Secure Boot and install stealthy bootkits or potentially bypass other security mechanisms, such as BitLocker," explains Microsoft. "The implications of installing such bootkits are significant, as this can grant threat actors complete control over the device, allowing them to control the boot process and operating system, compromise additional devices on the network, and pursue other malicious activities." "Furthermore, it could result in persistent malware that remains intact even after an operating system reinstallation or a hard drive replacement." Below is a summary of the flaws Microsoft uncovered in GRUB2: All of the above flaws are rated medium severity, except for CVE-2025-0678, which is rated "high" (CVSS v3.1 score: 7.8). Microsoft says Security Copilot dramatically accelerated the vulnerability discovery process in a large and complex codebase, such as GRUB2, saving approximately 1 week of time that would be required for manual analysis. Not only did the AI tool identify the previously undiscovered flaws, but it also provided targeted mitigation recommendations that could provide pointers and accelerate the issuing of security patches, especially in open-source projects supported by volunteer contributors and small core teams. Using the findings in the analysis, Microsoft says Security Copilot found similar bugs in projects utilizing shared code with GRUB2, such as U-boot and Barebox. GRUB2, U-boot, and Barebox released security updates for the vulnerabilities in February 2025, so updating to the latest versions should mitigate the flaws.   Top 10 MITRE ATT&CK© Techniques Behind 93% of Attacks Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.