Hapana chinoshamisa, zero zero ... Asi imwe yakawanikwa kunetseka, CVE-2020-10713, iyo inokanganisa iyo GRUB2 bootloader uye Yakachengeteka Boot. Chinyorwa cheEclypsium timu yekutsvagisa ndiyo yanga iri kumashure kwekuwana uku uye kwavakabhabhatidza seBootHole. Kunyangwe Microsoft yakaburitsa mukova pane yayo yekuchengetedza portal yambiro nezvayo uye ichiti pane mhinduro yakaoma panguva ino.
BhootHole Icho buffer yekufashukira kusagadzikana kunokanganisa mabhiriyoni emidziyo ine GRUB2 uye kunyangwe vamwe vasina GRUB2 vanoshandisa Yakachengeteka Boot senge Windows. MuCVSS system classification yakapihwa zvibodzwa se8.2 kunze kwegumi, zvinoreva kuti iri njodzi huru. Uye ndezvekuti anorwisa anogona kutora mukana weizvi kuti akwanise kuita kodhi yekumanikidza (kusanganisira malware) yakaunzwa panguva yekuita bhuti, kunyangwe paine Yakachengeteka Boot inogoneswa.
Tanto zvishandiso network, maseva, nzvimbo dzekushandira, desktops nemalaptop, pamwe nezvimwe zvishandiso zvakaita seSBCs, zvimwe nhare mbozha, zvishandiso zveIoT, nezvimwe.
Uyezve, maererano neEclypsium, ichave iri zvakaoma kudzikisira uye zvinotora nguva kutsvaga mhinduro. Zvinoda kuongororwa kwakadzama kwebhootloaders uye vatengesi vanofanirwa kuburitsa vhezheni nyowani dzeabootloader dzakasainwa neEFI CA. Zvinotora kuyedza kwakabatana pakati pevagadziri muMicrosoft yakavhurwa sosi uye nharaunda inobatana pamwe nevamwe varidzi vehurongwa hwakakonzera kuunza pasi BootHole.
Muchokwadi, ivo vakaita iyo list list kukwanisa kugadzirisa BootHole muGRUB2 uye unoda:
- Patch yekugadzirisa GRUB2 uye kubvisa kusagadzikana.
- Kuti vagadziri veLinux vanogovera uye vamwe vatengesi vanoburitsa zvidzoreso zvevashandisi vavo. Vaviri padanho reGRUB2, vanoisa uye shims.
- Iyo shims nyowani inofanirwa kusainwa neMicrosoft UEFI CA yechitatu mapato.
- Ma Administrator eanoshanda masystem anofanira kunge achifanira kugadzirisa. Asi inofanirwa kusanganisira zvese zvakaiswa system, inoisa mifananidzo uyezve yekudzosa kana bootable midhiya yavakagadzira.
- Iyo UEFI Revocation Rondedzero (dbx) inodawo kuvandudzwa mu firmware yeumwe neumwe maitiro akanganisa kudzivirira kodhi kuitisa panguva yebhoti.
Chinhu chakaipisisa ndechekuti kana zvasvika kune iyo firmware, iwe unofanirwa kungwarira kuti usaguma uine matambudziko uye kuti makomputa agare mune zvidhinha modhi.
Panguva ino, makambani akadai seRed Hat, HP, Debian, SUSE, Canonical, Oracle, Microsoft, VMWare, Citrix, UEFI Security Response Team uye maOEMs, pamwe nevapi ve software, ivo vari kutoshanda kuti vazvigadzirise. Nekudaro, isu tichafanirwa kumirira kuti tione zvigamba zvekutanga.
UPDATE
Asi kurerutsa kushanda kwevagadziri nenharaunda kungave kupusa. Kare kune akati wandei chigamba kuidzikamisa iri kuuya kubva kumakambani akaita seRed Hat, Canonical, nezvimwe. Vakamaka iyi nyaya sekutanga kukoshesa uye iri kubhadhara.
Dambudziko? Dambudziko nderekuti zvigamba izvi zviri kukonzera mamwe matambudziko. Zvinondiyeuchidza nezve zvakaitika neMetldown uye Specter zvigamba, kuti dzimwe nguva mushonga unenge wakanyanya kukunda chirwere ...